#socket.io connections (from OH) NEED ip_hash routing, all other connections will be cookie or round robin
upstream socketapp {
	#ip_hash;
	server 127.0.0.1:3000;
	#server 192.168.1.10:3000;
	#server 127.0.0.1:3001;
	#server 192.168.1.10:3001;
}

#Connections that need to be proxied, need same entries as "socketapp"
upstream proxyapp {
	server 127.0.0.1:3000;
	#server 192.168.1.10:3000;
	#server 127.0.0.1:3001;
	#server 192.168.1.10:3001;
}

#all other connections to serve openHAB-Cloud requests (not proxied)
upstream webapp {
	server 127.0.0.1:3000;
	#server 192.168.1.10:3002;
	#server 127.0.0.1:3003;
	#server 192.168.1.10:3003;
}

server {
    listen 80;
    listen [::]:80;
    server_name cloud.domoticaundici.it home.domoticaundici.it;
    return 301 https://$server_name$request_uri;
}

#Full proxy for home.yourhost.com
server {
    listen 443 ssl;
    server_name home.domoticaundici.it;
    ssl_certificate /etc/letsencrypt/live/home.domoticaundici.it/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/home.domoticaundici.it/privkey.pem; # managed by Certbot

    charset utf-8;

    access_log /var/log/nginx/home.domoticaundici.it-access.log;
    error_log /var/log/nginx/home.domoticaundici.it-error.log;
    client_max_body_size 300m;

    root /var/www/html;

    location ~ /.well-known {
      allow all;
    }

    #proxy redirects
    include nginx-openhabcloud-lb-redirects.conf;

    location / {
	set $upstream_server proxyapp;
	#if we have a cookie, try using this server
	#also, ifIsEvil https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
	#for why we use this as little as possible
	if ($http_cookie ~ "CloudServer=(\S+)\%3A(\d+).*") {
		set $upstream_host $1;
		set $upstream_port $2;
		set $upstream_server "${upstream_host}:${upstream_port}";
	}
	proxy_pass http://$upstream_server;
	proxy_redirect off;
	proxy_http_version 1.1;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr ;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
	proxy_set_header X-Forwarded-Proto https;
	proxy_intercept_errors on;
	recursive_error_pages on;
	error_page 307 = @handle_proxy;
	#if this server is down we need to try a new upstream
	error_page 500 501 502 503 504 = @proxy_down;
    }
}

# Main cloud.domoticaundici.it requests
server {
	listen 443 ssl;
	server_name cloud.domoticaundici.it;
	ssl_certificate /etc/letsencrypt/live/cloud.domoticaundici.it/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/cloud.domoticaundici.it/privkey.pem; # managed by Certbot

	charset utf-8;

	access_log /var/log/nginx/cloud.domoticaundici.it-access.log;
	error_log /var/log/nginx/cloud.domoticaundici.it-error.log;
	client_max_body_size 300m;

	root /home/stefano/openhab-cloud;

	location ~ /.well-known {
		allow all;
	}

	#local file locations
	location /css {
		alias  /home/stefano/openhab-cloud/public/css;
	}
	location /js {
		alias /home/stefano/openhab-cloud/public/js;
	}
	location /img {
		alias /home/stefano/openhab-cloud/public/img;
	}
	location /bootstrap {
		alias /home/stefano/openhab-cloud/public/bootstrap;
	}
	location /font-icons {
		alias /home/stefano/openhab-cloud/public/font-icons;
	}
	location /fonts {
		alias /home/stefano/openhab-cloud/public/fonts;
	}
	location /js-plugin {
		alias /home/stefano/openhab-cloud/public/js-plugin;
	}
	location /staff/js-plugin {
	    alias /home/stefano/openhab-cloud/public/js-plugin;
	}
	location /downloads {
	    alias /home/stefano/openhab-cloud/public/downloads;
	}
	location /openhabGoogleAssistant {
            alias /home/stefano/openhab-cloud/openhab-google-assistant-master;
        }

	#OH Socket.io Connections (from OH)
	location /socket.io {
		proxy_pass http://socketapp;
		proxy_redirect off;
		proxy_http_version 1.1;
		proxy_set_header Host $host;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		proxy_set_header X-Real-IP $remote_addr ;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
		proxy_set_header X-Forwarded-Proto https;
	}

	#proxy redirects
	include nginx-openhabcloud-lb-redirects.conf;

	#Proxied Connections (from clients)
	location ~ ^/(rest|images|static|rrdchart.png|chart|openhab.app|WebApp|CMD|cometVisu|proxy|greent|jquery|classicui|ui|basicui|paperui|doc|start|icon|habmin|remote|habpanel|ifttt/v1/actions/command){
	  set $upstream_server proxyapp;
	  #if we have a cookie, try using this server
	  #also, ifIsEvil https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
	  #for why we use this as little as possible
	  if ($http_cookie ~ "CloudServer=(\S+)\%3A(\d+).*") {
	    set $upstream_host $1;
	    set $upstream_port $2;
	    set $upstream_server "${upstream_host}:${upstream_port}";
	  }
	  proxy_pass http://$upstream_server;
	  proxy_redirect off;
	  proxy_http_version 1.1;
	  proxy_set_header Host $host;
	  proxy_set_header X-Real-IP $remote_addr ;
	  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
	  proxy_set_header X-Forwarded-Proto https;
		proxy_intercept_errors on;
		recursive_error_pages on;
	  error_page 307 = @handle_proxy;
	  #if this server is down we need to try a new upstream
	  error_page 500 501 502 503 504 = @proxy_down;
	}

    #All other non proxy connections
	location / {
	    proxy_pass http://webapp;
	    proxy_redirect off;
	    proxy_http_version 1.1;
	    proxy_set_header Host $host;
	    proxy_set_header X-Real-IP $remote_addr ;
	    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
	    proxy_set_header X-Forwarded-Proto https;
	}
}