# Define our node ports
upstream r3-api {
    server 127.0.0.1:3104;
}

upstream php {
    server 127.0.0.1:9001;
}	

# Now define our sites
server {

	listen 443 ssl default_server;
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    ssl_certificate     /usr/share/cybafelo/r3-config/cybafelo.local.cert.pem;
    ssl_certificate_key /usr/share/cybafelo/r3-config/cybafelo.local.key.pem;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

	client_max_body_size 20M;

    server_name ~^(?<environment>.*?)-(?<app>.*?)\.(?<host_domain>.*);

    root /usr/share/cybafelo/$app;

    location ~ \.php$ {
        
        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin $http_origin;
            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
            add_header Access-Control-Allow-Headers "Authorization, Content-Type, x-authorization";
            add_header Access-Control-Allow-Credentials true;
            return 200;
        }

        add_header Access-Control-Allow-Origin $http_origin;
		add_header Access-Control-Allow-Credentials true;
		
		fastcgi_pass    php;
       	fastcgi_index   index.php;
        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param   SCRIPT_URL      $request_uri;
        fastcgi_param   SERVER_NAME     $http_host;
        include         fastcgi_params;
    }

    location = / {
        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin $http_origin;
            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
            add_header Access-Control-Allow-Headers "Authorization, Content-Type, x-authorization";
            add_header Access-Control-Allow-Credentials true;
            return 200;
        }
        add_header Access-Control-Allow-Origin $http_origin;
		add_header Access-Control-Allow-Credentials true;
        try_files /index.html @node;
    }

	location ~ {
        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin $http_origin;
            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
            add_header Access-Control-Allow-Headers "Authorization, Content-Type, x-authorization";
            add_header Access-Control-Allow-Credentials true;
            return 200;
        }
		add_header Access-Control-Allow-Origin $http_origin;
		add_header Access-Control-Allow-Credentials true;
		add_header X-Content-Type-Options "nosniff";
		try_files $uri dist/$uri @node;
	}

	location @node {
		
		add_header Access-Control-Allow-Credentials true;
        
		# WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Normal parameters
        proxy_pass_request_headers on;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;

        # Set Environment, App, and Domain
        proxy_set_header X-R3-Env $environment;
        proxy_set_header X-R3-App $app;
        proxy_set_header X-R3-Host $host_domain;

        # Pass Everything to our app
        proxy_pass http://$app;
        proxy_ssl_session_reuse off;
        proxy_set_header Host $http_host;
        proxy_redirect off;
	}
}