# Sistema Cadaris - Host proxy with SSL
#
# sudo nano /etc/nginx/conf.d/virtual.conf
# sudo service nginx restart
#

## Request Limit
#limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;

## Sistema Cadaris Proxy with SSL
server {
  server_name  sistema.cadarisdigital.com.br;
  error_log    /var/log/nginx/error_sistema.log;
  access_log   /var/log/nginx/access_sistema.log;

  # CERTBOT MOCK BEGIN
#  location / {
#    index  index.html index.htm;
#    root   /var/www/html;
#  }
  # CERTBOT END

  ### Block wget user agent ###
  if ($http_user_agent ~* (wget|curl) ) {
    return 403;
  }

  # ProxyPass
  location / {
    ## Request Limit
    # limit_req zone=mylimit burst=20 nodelay;

    proxy_pass http://0.0.0.0:801;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_set_header    Host                $host;
    proxy_set_header    X-Forwarded-Host    $host;
    proxy_set_header    X-Forwarded-Port    $server_port;
  }

  listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/sistema.cadarisdigital.com.br/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/sistema.cadarisdigital.com.br/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

# Force HTTPS
server {
  ### Block wget user agent ###
  if ($http_user_agent ~* (wget|curl) ) {
    return 403;
  }

  if ($host = sistema.cadarisdigital.com.br) {
    # return 301 https://$host$request_uri;
    ## Disable redirect to container/443
    return 301 https://$host;
  } # managed by Certbot

  listen       80;
  server_name  sistema.cadarisdigital.com.br;
  error_log    /var/log/nginx/error_sistema_redirect.log;
  access_log   /var/log/nginx/access_sistema_redirect.log;
  return 404; # managed by Certbot
}

## Redirect 'cadarisdigital.com.br' to 'www.cadaris.com.br'
server {
  listen       80;
  server_name  cadarisdigital.com.br;
  error_log    /var/log/nginx/error_cadaris_redirect.log;
  access_log   /var/log/nginx/access_cadaris_redirect.log;
  return 301 http://www.cadaris.com.br;
}
server {
  listen       443;
  server_name  cadarisdigital.com.br;
  error_log    /var/log/nginx/error_cadaris_redirect_ssl.log;
  access_log   /var/log/nginx/access_cadaris_redirect_ssl.log;
  return 301 https://www.cadaris.com.br;
}