events {
    worker_connections  1024;
}


http {
    server_tokens off;
    charset utf-8;

    upstream minioUI {
        least_conn;
        server minio:9001;
    }

    upstream minioAPI {
        least_conn;
        server minio:9000;
    }

    # upstream fastAPI {
    #     least_conn;
    #     server api:8080;
    # }

    server {
        listen 80;

        server_name app.mzansi-innovation-hub.co.za;

        # #Web App
        # location / {
        #     proxy_pass http://MIH-UX:83/;
        # }

        # location ~ /.well-known/acme-challenge/ {
        #     root /var/www/certbot;
        # }

        return 301 https://app.mzansi-innovation-hub.co.za$request_uri;
    }

    server {
        listen 443 ssl;
        http2 on;
        # use the certificates
        ssl_certificate     /etc/letsencrypt/live/mzansi-innovation-hub.co.za-0003/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mzansi-innovation-hub.co.za-0003/privkey.pem;
        server_name app.mzansi-innovation-hub.co.za;
        root /var/www/html;
        index index.php index.html index.htm;

        # To allow special characters in headers
        ignore_invalid_headers off;
        # Allow any size file to be uploaded.
        # Set to a value such as 1000m; to restrict file size to a specific value
        client_max_body_size 0;
        # To disable buffering
        proxy_buffering off;
        proxy_request_buffering off;

        # Web App
        location / {
            proxy_pass http://MIH-UX:83/;
        }

        location ~ /.well-known/acme-challenge/ {
            root /var/www/certbot;
        } 
    }

    server {
        listen 80;

        server_name api.mzansi-innovation-hub.co.za;

        # # #Web App
        # location / {
        #     proxy_pass http://MIH-API-Hub:8080/;
        # }

        # location ~ /.well-known/acme-challenge/ {
        #     root /var/www/certbot;
        # } 

        return 301 https://api.mzansi-innovation-hub.co.za$request_uri;
    }

    server {
        listen 443 ssl;
        http2 on;
        # use the certificates
        ssl_certificate     /etc/letsencrypt/live/mzansi-innovation-hub.co.za-0003/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mzansi-innovation-hub.co.za-0003/privkey.pem;
        server_name api.mzansi-innovation-hub.co.za;
        root /var/www/html;
        index index.php index.html index.htm;

        # To allow special characters in headers
        ignore_invalid_headers off;
        # Allow any size file to be uploaded.
        # Set to a value such as 1000m; to restrict file size to a specific value
        client_max_body_size 0;
        # To disable buffering
        proxy_buffering off;
        proxy_request_buffering off;

        # Web Api
        location / {
            proxy_pass http://MIH-API-Hub:80/;
        }

        location ~ /.well-known/acme-challenge/ {
            root /var/www/certbot;
        } 
    }

    server {
        listen 80;

        server_name minio.mzansi-innovation-hub.co.za;

        # #Web App
        # location / {
        #     proxy_pass https://minioAPI;
        # }

        # location ~ /.well-known/acme-challenge/ {
        #     root /var/www/certbot;
        # } 

        return 301 https://minio.mzansi-innovation-hub.co.za$request_uri;
    }

    server {
        listen 443 ssl;
        http2 on;
        # use the certificates
        ssl_certificate     /etc/letsencrypt/live/mzansi-innovation-hub.co.za-0003/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mzansi-innovation-hub.co.za-0003/privkey.pem;
        server_name minio.mzansi-innovation-hub.co.za;
        root /var/www/html;
        index index.php index.html index.htm;

        # To allow special characters in headers
        ignore_invalid_headers off;
        # Allow any size file to be uploaded.
        # Set to a value such as 1000m; to restrict file size to a specific value
        client_max_body_size 0;
        # To disable buffering
        proxy_buffering off;
        proxy_request_buffering off;

        
        location / {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            proxy_connect_timeout 300;
            # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            chunked_transfer_encoding off;

            proxy_pass http://MIH-Minio:9000; # This uses the upstream directive definition to load balance
        }

        location /minio/ui/ {
            rewrite ^/minio/ui/(.*) /$1 break;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-NginX-Proxy true;

            # This is necessary to pass the correct IP to be hashed
            real_ip_header X-Real-IP;

            proxy_connect_timeout 300;

            # To support websockets in MinIO versions released after January 2023
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress)
            # Uncomment the following line to set the Origin request to an empty string
            proxy_set_header Origin '';

            chunked_transfer_encoding off;

            proxy_pass http://MIH-Minio:9001; # This uses the upstream directive definition to load balance
        }

        location ~ /.well-known/acme-challenge/ {
            root /var/www/certbot;
        } 
    }
}