client_max_body_size 50m;

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
	listen 80;
	listen 443 ssl http2;
	server_name pc.domain;
	root /app/frontend;
	index index.html;

	if ($server_port !~ 443) {
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    ssl_certificate /playedu-data/ssl/pc.pem;
    ssl_certificate_key /playedu-data/ssl/pc.key;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";

    gzip on;
    gzip_static on;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 5;
    gzip_types text/plain application/javascript text/css application/xml text/javascript;
    gzip_vary on;

	location /api/ {
	    proxy_set_header X-Real-IP $remote_addr;
	    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	    proxy_pass http://127.0.0.1:9898/;
	}

    location ~* ^/((?!api|template).*) {
        try_files $uri $uri/ /index.html;
    }
}

server {
	listen 80;
	listen 443 ssl http2;
	server_name h5.domain;
	root /app/h5;
	index index.html;

	if ($server_port !~ 443) {
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    ssl_certificate /playedu-data/ssl/h5.pem;
    ssl_certificate_key /playedu-data/ssl/h5.key;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";

    gzip on;
    gzip_static on;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 5;
    gzip_types text/plain application/javascript text/css application/xml text/javascript;
    gzip_vary on;

	location /api/ {
	    proxy_set_header X-Real-IP $remote_addr;
	    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	    proxy_pass http://127.0.0.1:9898/;
	}

    location ~* ^/((?!api|template).*) {
        try_files $uri $uri/ /index.html;
    }
}

server {
	listen 80;
	listen 443 ssl http2;
	server_name admin.domain;
	root /app/backend;
	index index.html;

	if ($server_port !~ 443) {
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    ssl_certificate /playedu-data/ssl/admin.pem;
    ssl_certificate_key /playedu-data/ssl/admin.key;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";

    gzip on;
    gzip_static on;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 5;
    gzip_types text/plain application/javascript text/css application/xml text/javascript;
    gzip_vary on;

	location /api/ {
	    proxy_set_header X-Real-IP $remote_addr;
	    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	    proxy_pass http://127.0.0.1:9898/;
	}

    location ~* ^/((?!api|template).*) {
        try_files $uri $uri/ /index.html;
    }
}


server {
	listen 80;
	listen 443 ssl http2;
	server_name api.domain;
	root /app/api;
	index index.html;

	if ($server_port !~ 443) {
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    ssl_certificate /playedu-data/ssl/api.pem;
    ssl_certificate_key /playedu-data/ssl/api.key;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";

	location / {
	    proxy_set_header X-Real-IP $remote_addr;
	    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	    proxy_pass http://127.0.0.1:9898/;
	}
}

####MINIO-START####
server {
	listen 80;
	listen 443 ssl http2;
	server_name minio.domain;
	root /app/api;
	index index.html;

	if ($server_port !~ 443) {
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    ssl_certificate /playedu-data/ssl/minio.pem;
    ssl_certificate_key /playedu-data/ssl/minio.key;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";

	location / {
        proxy_pass http://minio:9000;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_http_version 1.1;

        add_header X-Cache $upstream_cache_status;

        set $static_filevU4Xm6GJ 0;
        if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" ) {
            set $static_filevU4Xm6GJ 1;
            expires 1m;
        }
        if ( $static_filevU4Xm6GJ = 0 ) {
            add_header Cache-Control no-cache;
        }
	}
}
####MINIO-END####