server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name code.zinomedia.de;

    access_log off;
    error_log /var/log/nginx/error.log debug;

    ssl_certificate /etc/letsencrypt/live/code.zinomedia.de/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/code.zinomedia.de/privkey.pem;

    # SSL Optimizations
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_prefer_server_ciphers on;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:;" always;

    include "snippets/enable-vouch.conf"; 

    location / {
        proxy_set_header Sec-Fetch-Site none;
        resolver 127.0.0.11;
        set $upstream "code-server:8443";

        
        #proxy_http_version 1.1;
        #proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Accept-Encoding gzip;
        proxy_set_header Connection upgrade;
        proxy_headers_hash_max_size 512;
        proxy_headers_hash_bucket_size 128;
        proxy_read_timeout 3600;
        proxy_set_header Host $http_host;
        proxy_pass http://$upstream;
    }

     
}

server {
    listen 80;
    listen [::]:80;
    server_name code.zinomedia.de;
    return 301 https://$host$request_uri;
}