events {

}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;
	gzip_proxied any;
	gzip_comp_level 6;
	gzip_types
		text/css
		text/plain
		text/javascript
		text/markdown
		application/javascript
		application/json
		application/gpx+xml
		application/x-javascript
		application/xml
		application/xml+rss
		application/xhtml+xml
		application/x-font-ttf
		application/x-font-opentype
		application/vnd.ms-fontobject
		image/svg+xml
		image/x-icon
		application/rss+xml
		application/atom_xml;
  gzip_disable "MSIE [1-6]\.(?!.*SV1)";


	##
	# Virtual Host Configs
	##

   server {
  	listen 80 default_server;
  	listen [::]:80 default_server;

  	server_name yourdomain.com www.yourdomain.com; # CHANGE ME
  	return 301 https://$server_name$request_uri;
  }

  server {
    server_name yourdomain.com; # CHANGE ME

    # Only allow all methods (GET,POST,PUT,etc..) for root (/pgapi).
    # see https://github.com/bpatrik/pigallery2/issues/214
    location /pgapi {  # NOTE: no ending '/' as it would forward /pgapi to /
      proxy_pass http://pigallery2:80; # forwarding to the other container, named 'pigallery2'
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection 'upgrade';
      proxy_set_header Host $host;
      proxy_cache_bypass $http_upgrade;
    }

    location / {
      limit_except GET {
        deny  all;
      }
      proxy_pass http://pigallery2:80; # forwarding to the other container, named 'pigallery2'
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection 'upgrade';
      proxy_set_header Host $host;
      proxy_cache_bypass $http_upgrade;
    }

    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;

    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; # CHANGE ME
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; # CHANGE ME
    include /etc/letsencrypt/options-ssl-nginx.conf;
  }
}