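# Reverse-proxy virtual host for a Focalboard backend listening on
# localhost:8000. Plain HTTP is redirected to HTTPS; the HTTPS server proxies
# WebSocket traffic (/ws) and everything else to the same upstream.
# DOMAIN is a placeholder and must be replaced with the real host name.

##### Define upstream start ####################################################
upstream focalboard {
    server localhost:8000;
    # Idle upstream connections kept open per worker. This only takes effect
    # for locations that use proxy_http_version 1.1 and clear the Connection
    # header, as "location /" does below.
    keepalive 32;
}
##### Define upstream stop #####################################################

##### Process http start #######################################################
server {
    listen 80;
    server_name DOMAIN;
    server_tokens off;

    # The redirect target uses the fixed DOMAIN rather than the request's Host
    # header, so a forged Host cannot steer the redirect elsewhere.
    return 301 https://DOMAIN$request_uri;
}
##### Process http stop ########################################################

##### Process https start ######################################################
server {
    listen 443 ssl http2;
    server_name DOMAIN;
    server_tokens off;

    ##### SSL configuration start ##############################################
    # NOTE(review): every ssl_* line here is commented out. nginx refuses to
    # start a "listen ... ssl" server that has no ssl_certificate, so these
    # must be enabled here or inherited from the http{} level; confirm which.
    # ssl_protocols TLSv1.2 TLSv1.3;
    # ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
    # ssl_prefer_server_ciphers off;
    # ssl_stapling on;
    # ssl_stapling_verify on;
    # resolver 8.8.4.4 8.8.8.8;
    # resolver_timeout 5s;
    # ssl_session_timeout 1d;
    # ssl_session_tickets off;
    # ssl_session_cache shared:SSL:10m;
    # ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
    # ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;
    # ssl_trusted_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
    ##### SSL configuration stop ###############################################

    ##### XSS headers start ####################################################
    # Response security headers, all disabled in this template.
    # - Enable only ONE of the two X-Frame-Options lines.
    # - add_header without "always" is not applied to most error responses.
    # - add_header is inherited only by locations that declare no add_header
    #   of their own; check the included cache-*.conf snippets.
    # - X-XSS-Protection is ignored by current browsers.
    # - Test the Content-Security-Policy against the application first.
    # - HSTS with includeSubDomains and preload applies to every subdomain of
    #   DOMAIN and is hard to undo.
    # add_header X-Frame-Options DENY;
    # add_header X-Frame-Options SAMEORIGIN;
    # add_header X-Content-Type-Options nosniff;
    # add_header X-XSS-Protection "1; mode=block";
    # add_header Permissions-Policy interest-cohort=();
    # add_header Content-Security-Policy "default-src 'self'";
    # add_header Referrer-Policy strict-origin-when-cross-origin;
    # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    ##### XSS headers stop #####################################################

    ##### Optional include custom Error pages start ############################
    include /etc/nginx/nginxsnippets/custom-errors.conf;
    ##### Optional include custom Error pages stop #############################

    ##### Optional disable gzip start ##########################################
    # gzip off;
    ##### Optional disable gzip stop ###########################################

    ##### Optional disable access log start ####################################
    # NOTE(review): turning the access log off removes the record an
    # investigation would rely on; prefer filtering noise over disabling it.
    # access_log off;
    ##### Optional disable access log stop #####################################

    ##### Block Bad referers and bad bots start ################################
    # $bad_referer and $bad_user_agent are not defined in this file; they are
    # presumably set by map blocks in the http{} context, and the config test
    # fails if they are missing. 444 closes the connection without a response.
    # Both values come from client-controlled headers, so this filters
    # unsophisticated bots only and is not an access control.
    if ($bad_referer) {
        return 444;
    }
    if ($bad_user_agent) {
        return 444;
    }
    ##### Block Bad referers and bad bots stop #################################

    ##### Optional stuff start #################################################
    # include /etc/nginx/nginxsnippets/block-engines.conf;
    include /etc/nginx/nginxsnippets/log-exclude.conf;
    include /etc/nginx/nginxsnippets/block-htaccess.conf;
    include /etc/nginx/nginxsnippets/block-file-access.conf;
    ##### Optional stuff stop ##################################################

    ##### Enable fastcgi cache start ###########################################
    # Not read anywhere in this file; presumably consumed by an included
    # snippet (TODO confirm).
    set $skip_cache 0;
    ##### Enable fastcgi cache stop ############################################

    ##### Process content start ################################################
    # WebSocket endpoint.
    # The pattern was "~ /ws/*", an unanchored regex meaning "/ws followed by
    # zero or more slashes", which matched any URI merely containing "/ws" and
    # gave those requests this block's one-day timeouts and Upgrade handling.
    # It is now anchored to /ws and /ws/...; adjust it if the application is
    # served under a sub-path.
    location ~ ^/ws(/|$) {
        # The nginx WebSocket proxying guide sets HTTP/1.1 towards the
        # upstream for the Upgrade handshake.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        client_max_body_size 50M;

        # $http_host is the Host header exactly as the client sent it.
        # NOTE(review): consider $host if the backend builds URLs from it.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to whatever X-Forwarded-For the client supplied, so only the
        # last entry is trustworthy; X-Real-IP above is set by nginx itself.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # This adds X-Frame-Options to the REQUEST sent to the backend.
        # Browsers honour it only on responses, so it gives no clickjacking
        # protection; use the add_header line in the headers section instead.
        proxy_set_header X-Frame-Options SAMEORIGIN;

        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        client_body_timeout 60;
        send_timeout 300;
        lingering_timeout 5;

        # Long timeouts keep idle WebSocket connections open.
        # NOTE(review): the nginx documentation states that
        # proxy_connect_timeout usually cannot exceed 75 seconds.
        proxy_connect_timeout 1d;
        proxy_send_timeout 1d;
        proxy_read_timeout 1d;
        proxy_pass http://focalboard;
    }

    # Everything else: ordinary HTTP proxying over keepalive connections.
    location / {
        client_max_body_size 50M;
        # An empty Connection header plus HTTP/1.1 (below) lets the upstream
        # keepalive pool be used.
        proxy_set_header Connection "";
        # The notes on the same headers in the WebSocket location apply here.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Request header only; not a browser protection.
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        proxy_read_timeout 600s;
        # No proxy_cache zone is selected in this file, so the proxy_cache_*
        # tuning has an effect only if proxy_cache is enabled at a higher
        # level (TODO confirm). If it is, make sure authenticated responses
        # are excluded from the cache.
        proxy_cache_revalidate on;
        proxy_cache_min_uses 2;
        proxy_cache_use_stale timeout;
        proxy_cache_lock on;
        proxy_http_version 1.1;
        proxy_pass http://focalboard;
    }
    ##### Process content stop #################################################

    ##### Cache js css static content and open files start #####################
    # include /etc/nginx/nginxsnippets/cache-open-files.conf;
    include /etc/nginx/nginxsnippets/cache-statics.conf;
    include /etc/nginx/nginxsnippets/cache-js-css.conf;
    ##### Cache js css static content and open files stop ######################
}
##### Process https stop ######################################################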