map $http_upgrade $connection_upgrade {
    default upgrade;
    ''        close;
}

upstream sonarr_backend {
	server 127.0.0.1:8989;
	keepalive 32;
}

server {
    listen                  443 ssl http2;
    listen                  [::]:443 ssl http2;
    server_name             sonarr.local.eax.app;
    
    # SSL
    ssl_certificate         /etc/letsencrypt/live/local.eax.app/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/local.eax.app/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/local.eax.app/chain.pem;

    # security
    include                 nginxconfig.io/security.conf;

    # restrict methods
    if ($request_method !~ ^(GET|POST|PUT|DELETE|HEAD|CONNECT|OPTIONS|TRACE)$) {
        return '405';
    }

    # logging
    access_log /var/log/nginx/sonarr.local.eax.app.access.log;
    error_log  /var/log/nginx/sonarr.local.eax.app.error.log warn;

    # index.html fallback
    location / {
	#auth_basic off;
        proxy_pass http://sonarr_backend;
	proxy_set_header   Host               127.0.0.1:8989;
    	proxy_set_header   X-Forwarded-Host   $http_host;
    	proxy_set_header   X-Forwarded-For    $remote_addr;
	proxy_cookie_path  /                  "/; Secure";
        #proxy_set_header Host $host;
        #proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header X-Forwarded-Proto $scheme;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	#proxy_set_header X-Forwarded-Host $server_name:$server_port;
        #proxy_hide_header Referer;
        #proxy_hide_header Origin;
        #proxy_set_header Referer '';
        #proxy_set_header Origin '';
    }
    # additional config
    #include nginxconfig.io/general.conf;
}

# HTTP redirect
server {
    listen      80;
    listen      [::]:80;
    server_name sonarr.local.eax.app;
    include     nginxconfig.io/letsencrypt.conf;

    location / {
        return 301 https://sonarr.local.eax.app$request_uri;
    }
}