log_format seafileformat '$http_x_forwarded_for $remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $upstream_response_time';

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name seafile.zinomedia.de;

    access_log off;
    error_log /var/log/nginx/error.log error;

    ssl_certificate /etc/letsencrypt/live/seafile.zinomedia.de/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/seafile.zinomedia.de/privkey.pem;

    # SSL Optimizations
    #ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header Content-Security-Policy "default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: http://seafile.zinomedia.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:;" always;

    # Common proxy headers
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $server_name;

    location / {
        resolver 127.0.0.11;
        set $upstream "http://seafile:8000/";

        proxy_pass $upstream;
        proxy_read_timeout 1200s;
        client_max_body_size 0;

        proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Connection "";
        proxy_http_version 1.1;
    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;

        resolver 127.0.0.11;
        set $upstream "http://seafile:8082";

        proxy_pass $upstream;
        proxy_connect_timeout 36000s;
        proxy_read_timeout 36000s;
        #proxy_send_timeout 36000s;
        #send_timeout 36000s;
        client_max_body_size 0;
        proxy_request_buffering off;
    }

    location /notification/ping {
        resolver 127.0.0.11;
        set $upstream "http://seafile:8083/ping";
        proxy_pass $upstream;
    }

    location /notification {
        resolver 127.0.0.11;
        set $upstream "http://seafile:8083/";

        proxy_pass $upstream;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /seafdav {
        resolver 127.0.0.11;
        set $upstream "http://seafile:8080";

        proxy_pass $upstream;
        proxy_read_timeout 1200s;
        client_max_body_size 0;
    }

    location /media {
        root ../docker-seafile/volumes/seahub;
    }
}

server {
    listen 80;
    listen [::]:80;
    server_name seafile.zinomedia.de;
    return 301 https://$host$request_uri;
}