user ${SERVER_USER};
worker_processes auto;
pid /usr/local/openresty/nginx/logs/nginx.pid;

events
{
  worker_connections 1024;
}

http
{
  include mime.types;
  default_type application/octet-stream;

  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;

  keepalive_timeout 65;

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

  access_log /var/log/openresty/access.log;
  error_log /var/log/openresty/error.log;

  gzip on;
  gzip_disable "msie6";

  lua_shared_dict auto_ssl 1m;
  lua_shared_dict auto_ssl_settings 64k;
  resolver 8.8.8.8 ipv6=off;

  init_by_lua_block
  {
    auto_ssl = (require "resty.auto-ssl").new()
    auto_ssl:set("allow_domain", function(domain)
    return true
    end)
    auto_ssl:init()
  }

  init_worker_by_lua_block
  {
    auto_ssl:init_worker()
  }

  map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
  }

  server
  {
    listen 443 ssl;
    client_max_body_size 100M;
    ssl_certificate_by_lua_block
    {
      auto_ssl:ssl_certificate()
    }
    ssl_certificate /etc/fallback-certs/resty-auto-ssl-fallback.crt;
    ssl_certificate_key /etc/fallback-certs/resty-auto-ssl-fallback.key;

    location /
    {
      root /var/www;
      try_files $uri $uri/ /index.html @proxy;
      error_page 405 @proxy;
    }

    location /api/
    {
      try_files /_bypass_to_proxy @proxy;
    }

    location /ws
    {
      proxy_pass http://${SERVER_HOST}:3000;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
      proxy_set_header Host $host;
    }

    location /yjs
    {
      proxy_pass http://${SERVER_HOST}:3000;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
      proxy_set_header Host $host;
    }

    location @proxy {
      proxy_pass http://${SERVER_HOST}:3000;
      proxy_redirect off;
      proxy_set_header Host $host;
    }
  }

  server
  {
    listen 80;
    client_max_body_size 100M;
    location /.well-known/acme-challenge/
    {
      content_by_lua_block
      {
        auto_ssl:challenge_server()
      }
    }

    location /
    {
      root /var/www;
      try_files $uri $uri/ /index.html @proxy;
      error_page 405 @proxy;
    }

    location /api/
    {
      try_files /_bypass_to_proxy @proxy;
    }

    location /ws
    {
      proxy_pass http://${SERVER_HOST}:3000;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
      proxy_set_header Host $host;
    }

    location /yjs
    {
      proxy_pass http://${SERVER_HOST}:3000;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
      proxy_set_header Host $host;
    }

    location @proxy {
      proxy_pass http://${SERVER_HOST}:3000;
      proxy_redirect off;
      proxy_set_header Host $host;
    }
  }

  server
  {
    listen 127.0.0.1:8999;
    client_body_buffer_size 128k;
    client_max_body_size 100M;
    client_body_timeout 300s;

    location /
    {
      content_by_lua_block
      {
        auto_ssl:hook_server()
      }
    }
  }
}