# nginx site proxy example for standard ports 80/http, 443/https (put to ``/etc/nginx/sites-enabled/``)
#
# Delivers APT repositories (for APT) directly from nginx (http or https)
# Redirects (other) http to https
# For SSL keys, uses recommended paths as used by ``mini-buildd-self-signed-certificate``
# The only thing below that absolutely needs to be adapted is 'server_name': Use same value as you use for ``mini-buildd --hostname=foo.bar.net``

server {
	# Common
	charset utf-8;
	default_type text/plain;
	types {
		application/gzip gz;
		application/x-bzip bz2;
		application/x-xz xz;
		application/vnd.debian.binary-package deb;
		application/vnd.debian.binary-package udeb;
	}
	large_client_header_buffers 4 32k;
	location ~ ^/repositories/(?<mini_buildd_dist>[-a-z0-9]+)/(?<mini_buildd_dir>(pool|dists))/(?<path>.*) {
		autoindex on;
		alias /var/lib/mini-buildd/repositories/$mini_buildd_dist/$mini_buildd_dir/$path;
	}
	server_name Replace with value given for mini-buildd --hostname;

	# Custom
	listen 80 default_server;

	location / {
		return 302 https://$server_name$request_uri;
	}
}

server {
	# Common
	charset utf-8;
	default_type text/plain;
	types {
		application/gzip gz;
		application/x-bzip bz2;
		application/x-xz xz;
		application/vnd.debian.binary-package deb;
		application/vnd.debian.binary-package udeb;
	}
	large_client_header_buffers 4 32k;

	location ~ ^/repositories/(?<mini_buildd_dist>[-a-z0-9]+)/(?<mini_buildd_dir>(pool|dists))/(?<path>.*) {
		autoindex on;
		alias /var/lib/mini-buildd/repositories/$mini_buildd_dist/$mini_buildd_dir/$path;
	}
	server_name Replace with value given for mini-buildd --hostname;

	# Custom
	listen 443 ssl default_server;
	ssl_certificate /etc/ssl/mini-buildd/certs/mini-buildd.crt;
	ssl_certificate_key /etc/ssl/mini-buildd/private/mini-buildd.key;
	ssl_protocols TLSv1.2 TLSv1.3;

	location / {
		proxy_pass http://127.0.0.1:8066;
		proxy_read_timeout          7200;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Host $server_name;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header Host $host;
		proxy_set_header X-Forwarded-Proto $scheme;

		proxy_buffer_size          128k;
		proxy_buffers              4 256k;
		proxy_busy_buffers_size    256k;
	}
}
