# Include any custom http context settings from custom-base.inc if that file exists
include conf.d/custom-base[.]inc;

server {
    listen [::]:80 default_server ipv6only=off;
    server_name _;
    server_tokens off;

    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;

    # Include any custom plain-HTTP server context settings from custom.inc if that file exists
    include conf.d/custom[.]inc;

    location /admin/ {
        client_max_body_size 50M;
        return 301 https://$host$request_uri;
    }

    location /acme/ {
        return 301 https://$host$request_uri;
    }

    location /aia/issuer {
        include conf.d/proxy.inc;
        proxy_pass http://boulder:4001;
    }

    location /directory {
        return 301 https://$host$request_uri;
    }

    location /ocsp {
        include conf.d/proxy.inc;
        proxy_pass http://boulder:4002/;
    }

    location /sfe {
        return 301 https://$host$request_uri;
    }

    location /rate-limits {
        try_files $uri $uri.html $uri/ =404;
    }

    location /terms/ {
        try_files $uri $uri.html $uri/ =404;
    }
}

server {
    listen [::]:443 default_server ssl ipv6only=off;
    server_name _;
    server_tokens off;

    ssl_certificate /etc/nginx/ssl/labca_cert.pem;
    ssl_certificate_key /etc/nginx/ssl/labca_key.pem;

    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;

    # Include any custom HTTPS server context settings from custom-ssl.inc if that file exists
    include conf.d/custom-ssl[.]inc;

    location ~ ^/admin/static/(.+) {
        alias /var/www/html/$1;
    }

    location ~ ^/admin/.+/static/(.+) {
        alias /var/www/html/$1;
    }

    location /admin/ {
        client_max_body_size 50M;
        include conf.d/proxy.inc;
        proxy_read_timeout 120;
        proxy_set_header X-Request-Base "/admin";
        proxy_pass http://gui:3000/;
        error_page 502 504 /502.html;
    }

    location /admin/ws {
        include conf.d/proxy.inc;
        proxy_set_header X-Request-Base "/admin";
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_pass http://gui:3000/ws;
    }

    location /acme/ {
        include conf.d/proxy.inc;
        proxy_pass http://boulder:4001;
    }

    location /directory {
        include conf.d/proxy.inc;
        proxy_pass http://boulder:4001;
    }

    location /build {
        include conf.d/proxy.inc;
        proxy_pass http://boulder:4001;
    }

    location /aia/issuer {
        include conf.d/proxy.inc;
        proxy_pass http://boulder:4001;
    }

    location /ocsp {
        include conf.d/proxy.inc;
        proxy_pass http://boulder:4002/;
    }

    location /sfe {
        include conf.d/proxy.inc;
        proxy_pass http://boulder:4003/;
    }

    location /rate-limits {
        try_files $uri $uri.html $uri/ =404;
    }

    location /terms/ {
        try_files $uri $uri.html $uri/ =404;
    }

    # BEGIN temporary redirect
    location = / {
        return 302 /admin/;
    }
    # END temporary redirect
}