user  http;
worker_processes  auto;

# pid in nginx.service
# pid        /run/nginx.pid;

events {
    worker_connections  1024;
    multi_accept        on;
    use                 epoll;
}

http {
    types_hash_max_size 2048;
    types_hash_bucket_size 128;

    include       mime.types;
    default_type  application/octet-stream;

    proxy_cache_path    /tmp/osp levels=1:2 keys_zone=auth_cache:5m max_size=1g inactive=24h;

    sendfile        on;
    tcp_nopush      on;
    gzip            on;
    gzip_comp_level    5;
    gzip_min_length    256;
    gzip_proxied       any;
    gzip_vary          on;

    gzip_types
    application/atom+xml
    application/javascript
    application/json
    application/ld+json
    application/manifest+json
    application/rss+xml
    application/vnd.geo+json
    application/vnd.ms-fontobject
    application/x-font-ttf
    application/x-web-app-manifest+json
    application/xhtml+xml
    application/xml
    font/opentype
    image/bmp
    image/svg+xml
    image/x-icon
    image/gif
    image/png
    video/mp4
    video/mpeg
    video/x-flv
    text/cache-manifest
    text/css
    text/plain
    text/vcard
    text/vnd.rim.location.xloc
    text/vtt
    text/x-component
    text/x-cross-domain-policy;


    keepalive_timeout  65;

    # Load Balancing for Gunicorn
    upstream socket_nodes {
	# sticky only on commercial nginx
        # sticky cookie srv_id expires=8h;
        hash $remote_addr consistent;
{% for n in range(osp_worker_count) %}
        server 127.0.0.1:{{ osp_worker_start_port + n }};
{% endfor %}
    }

    # OSP Edge Streaming Nodes
    include /opt/osp/conf/osp-edge.conf;


    server {
        listen   9000;

        allow 127.0.0.1;
        deny all;

        location /stat {
            rtmp_stat all;
            rtmp_stat_stylesheet stat.xsl;
        }

        location /stat.xsl {
            root /opt/osp/static;
        }
    }
{% if osp_tls_enabled %}
    server {
        listen [::]:80;
        listen 80;
        location / {
            return 301 https://$host$request_uri;
        }

        include snippets/letsencrypt.conf;
    }
{% endif %}

    # NGINX to OSP Gunicorn Processes Reverse Proxy
    server {
{% if osp_tls_enabled %}
	listen [::]:443 ssl http2;
	listen 443 ssl http2;

	server_name {{ osp_hostname }};

	ssl_certificate /etc/dehydrated/certs/{{ osp_hostname }}/fullchain.pem;
	ssl_certificate_key /etc/dehydrated/certs/{{ osp_hostname }}/privkey.pem;
{% else %}
        listen       80;
        listen       [::]:80;
{% endif %}

        # set client body size to 16M #
        client_max_body_size 16M;

        location / {
            proxy_pass http://socket_nodes;
            proxy_redirect     off;

            proxy_set_header   Host                 $host:$server_port;
            proxy_set_header   X-Real-IP            $remote_addr;
            proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto    $scheme;
        }
{% if osp_tls_enabled %}
	include snippets/letsencrypt.conf;
{% endif %}
        include osp-socketio.conf;
        include osp-redirects.conf;

        # redirect server error pages to the static page /50x.html
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

    # Ejabberd Reverse Proxy Config to Allow for ejabberd acme-challenge
    # Uncomment and change server_name to match
    #server {
    #       listen       80;
    #       server_name conference.subdomain.domain.tld;
    #       location / {
    #               proxy_pass http://localhost:5280;
    #       }
    #}
    #   server {
    #       listen       80;
    #       server_name proxy.subdomain.domain.tld;
    #       location / {
    #               proxy_pass http://localhost:5280;
    #       }
    #}
    #server {
    #       listen       80;
    #       server_name pubsub.subdomain.domain.tld;
    #       location / {
    #               proxy_pass http://localhost:5280;
    #       }
    #}


}

include osp-rtmp.conf;