map $http_upgrade $connection_upgrade {
    default upgrade;
    ''        close;
}

server {
    listen                  443 ssl http2;
    listen                  [::]:443 ssl http2;
    server_name             drive.eax.app;
    server_tokens off;

    # SSL
    ssl_certificate         /etc/letsencrypt/live/eax.app/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/eax.app/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/eax.app/chain.pem;

    # security
    include                 nginxconfig.io/security.conf;

    # restrict methods
    if ($request_method !~ ^(GET|POST|PUT|HEAD|CONNECT|OPTIONS|TRACE|DELETE)$) {
        return '405';
    }

    # logging
    access_log /var/log/nginx/drive.eax.app.access.log;
    error_log  /var/log/nginx/drive.eax.app.error.log warn;

    # index.html fallback
    location / {
        proxy_pass http://127.0.0.1:8888;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $server_name;
        proxy_read_timeout 1200s;
        proxy_set_header   X-Forwarded-Proto https;
    }

    location /seafhttp/ {
        proxy_pass http://127.0.0.1:8888/seafhttp/;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $server_name;
        proxy_read_timeout 1200s;
        proxy_set_header   X-Forwarded-Proto https;    
    }

    # additional config
    #include nginxconfig.io/general.conf;
}

# HTTP redirect
server {
    listen      80;
    listen      [::]:80;
    server_name drive.eax.app;
    include     nginxconfig.io/letsencrypt.conf;

    location / {
        return 301 https://drive.eax.app$request_uri;
    }
}