worker_processes 1;
user nobody;

pcre_jit on;

error_log /dev/stderr warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /usr/local/openresty/nginx/conf/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr -> $request [$status] - '
                    'referer: $http_referer $http_x_forwarded_for';
    access_log /dev/stdout main;

    server_tokens off;
    keepalive_timeout 65;

    upstream backend {
        server __BACKEND__:6666;
    }

    map $request_uri $request_uri_path {
        "~^(?P<path>[^?]*)(\?.*)?$"  $path;
    }

    init_by_lua_block {
        cjson = require("cjson")
        html_head_tag_replacement_str = "{{ generated_head_tags }}"
    }

    server {
        listen 80 default_server;

        location ~ ^/api$ {
            return 302 /api/;
        }

        location ~ ^/api/(.*)$ {
            tcp_nodelay on;

            add_header 'Access-Control-Allow-Origin' '*';
            if ($request_method = 'OPTIONS') {
                add_header 'Access-Control-Allow-Methods'
                    'GET, POST, PUT, DELETE, OPTIONS';
                add_header 'Access-Control-Allow-Headers'
                    'Authorization, Content-Type';
                return 200;
            }

            client_max_body_size 1073741824;

            gzip on;
            gzip_comp_level 3;
            gzip_min_length 20;
            gzip_proxied expired no-cache no-store private auth;
            gzip_types text/plain application/json;

            proxy_connect_timeout 180s;
            proxy_send_timeout 300s;
            proxy_read_timeout 600s;
            if ($request_uri ~* "/api/(.*)") {
                proxy_pass http://backend/$1;
            }

            error_page 500 502 503 504 @badproxy;
        }

        location /data/ {
            rewrite ^/data/(.*) /$1 break;
            root /data;

            sendfile on;
            tcp_nopush on;
            tcp_nodelay on;

            error_page 403 @unauthorized;
            error_page 404 @notfound;
        }

        location / {
            root /var/www;
            try_files $uri /_meta_tags_html;

            sendfile on;
            tcp_nopush on;
            tcp_nodelay on;

            gzip_static on;
            gzip_proxied expired no-cache no-store private auth;
        }

        location ~ ^/_internal_api/(.*)$ {
            internal;
            tcp_nodelay on;

            add_header 'Access-Control-Allow-Origin' '*';

            gzip off;
            proxy_connect_timeout 10s;
            proxy_send_timeout 10s;
            proxy_read_timeout 10s;
            proxy_pass http://backend/$1;
        }

        location /_meta_tags_html {
            internal;
            set $original_scheme $scheme;
            if ( $http_x_forwarded_proto = 'https' ) {
                set $original_scheme "https";
            }
            root /var/www;
            set $external_host_url "${original_scheme}://${http_host}";
            content_by_lua_file /etc/nginx/metatags.lua;
        }

        location @unauthorized {
            return 403 "Unauthorized";
            default_type text/plain;
        }

        location @notfound {
            return 404 "Not Found";
            default_type text/plain;
        }

        location @badproxy {
            return 502 "Failed to connect to szurubooru REST API";
            default_type text/plain;
        }
    }
}

daemon off;