# stuff for http block
client_max_body_size 1g;
# fix error: upstream sent too big header while reading response header from upstream
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;

upstream fpm {
	server egroupware:9000;
}

# redirects needs to use X-Forwarded-Proto too
map $http_x_forwarded_proto $redirectscheme {
    default $scheme;
    https https;
}

server {
	access_log off;

	listen 80 default_server;

	# ssl config (enable following line plus either include or ssl_certificate* line)
	#listen 443 ssl http2 default_server;
	#include snippets/snakeoil.conf;	# requires ssl-certs package installed!
	# concatenate private key, certificate and intermediate certs to /etc/ssl/private/certificate.pem
	#ssl_certificate /etc/ssl/private/certificate.pem;
	#ssl_certificate_key /etc/ssl/private/certificate.pem;
	# HTTP Strict-Transport-Security header (start with a short max-age!)
	#add_header Strict-Transport-Security max-age=31536000;	# 31536000sec=1year

	server_name _;
	root /var/www/html;

	index index.php index.nginx-debian.html index.html index.htm;

	# other settings
	client_max_body_size 65M;

	# EGroupware installed in /usr/share/egroupware
	location ^~ /egroupware {
		alias  /usr/share/egroupware/;
		try_files $uri $uri/ =404;
		location ~ ^/egroupware(/(?U).+\.php) {
			# do not allow to call files ment to be included only
			location ~ ^$path/(vendor|[^/]+/(src|setup|inc|vendor))/ {
				return 404;
			}
			alias  /usr/share/egroupware;
			fastcgi_pass fpm;
			# added to support WebDAV/CalDAV/CardDAV
			fastcgi_read_timeout 60m;
			fastcgi_index  index.php;
			fastcgi_split_path_info ^((?U).+\.php)(.*)$;
			fastcgi_param  PATH_INFO          $fastcgi_path_info;
			fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;
			# standard Nginx
			include fastcgi_params;
			fastcgi_param SCRIPT_FILENAME /usr/share/egroupware$1;
			fastcgi_param DOCUMENT_ROOT /var/www/html;
		}
		location ~ (?i)\.(ico|jpe?g|gif|png|svg|xet|xml|js|css|html|map|swf)$ {
			access_log off;
			expires 10d;
			add_header Pragma public;
			add_header Cache-Control "public";
			location ~ ^/egroupware(/.*)$ {
				alias /usr/share/egroupware/;
				try_files $1 =404;
			}
		}
	}

	# push-server
	location /egroupware/push {
		proxy_read_timeout 3600;
		proxy_http_version 1.1;
		proxy_set_header Host $http_host;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "Upgrade";
		proxy_pass http://push:9501;
	}

	# SmallParT videos
	location /egroupware/smallpart/Resources/Videos {
	    alias /var/lib/egroupware/default/files/smallpart;
	}

	# PHP in docroot
	#location ~ \.php {
	#	fastcgi_pass fpm;
	#	include fastcgi_params;
	#}

	# phpmyadmin in /usr/share/phpmyadmin
	#location /phpmyadmin {
	#		alias  /usr/share/phpmyadmin/;
	#		try_files $uri $uri/ =404;
	#		location ~ ^/phpmyadmin(/(?U).+\.php) {
	#				alias  /usr/share/phpmyadmin;
	#				fastcgi_pass fpm;
	#				fastcgi_index  index.php;
	#				fastcgi_split_path_info ^((?U).+\.php)(.*)$;
	#				fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
	#				fastcgi_param  PATH_INFO          $fastcgi_path_info;
	#				fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;
	#				# standard Nginx
	#				include fastcgi_params;
	#				fastcgi_param DOCUMENT_ROOT /var/www/html;
	#				fastcgi_param SCRIPT_FILENAME /usr/share/phpmyadmin$1;
	#		}
	#}

	# ActiveSync support
	location /Microsoft-Server-ActiveSync {
		fastcgi_pass fpm;
		# added to support WebDAV/CalDAV/CardDAV
		fastcgi_read_timeout 60m;
		fastcgi_index  index.php;
		fastcgi_split_path_info ^((?U).+\.php)(.*)$;
		fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
		fastcgi_param  PATH_INFO          $fastcgi_path_info;
		fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;
		include fastcgi_params;
		fastcgi_param SCRIPT_FILENAME /usr/share/egroupware/activesync/index.php;
	}
	# CalDAV & CardDAV autoconfig
	location ~ ^/.well-known/(caldav|carddav)$ {
		return 301 $redirectscheme://$host/egroupware/groupdav.php/;
	}
	location ~ ^(/principals/users/.*)$ {
		return 301 $redirectscheme://$host/egroupware/groupdav.php$1;
	}
	# OpenID Connect autodiscovery
	location = /.well-known/openid-configuration {
		fastcgi_pass fpm;
		include fastcgi_params;
		fastcgi_param SCRIPT_FILENAME /usr/share/egroupware/openid/well-known-configuration.php;
	}
	# Nginx does NOT use index for OPTIONS requests breakng WebDAV
	# for Windows, which sends OPTIONS / and stalls on Nginx 405 response!
	# This also redirects all requests to root to EGroupware.
	location = / {
		return 301 $redirectscheme://$host/egroupware/index.php;
	}
	# redirect /egroupware to /egroupware/
	location = /egroupware {
		return 301 $redirectscheme://$host/egroupware/index.php;
	}

	# Collabora sniplet meant to be included in server block of EGroupware vhost
	# static files
	location ^~ /browser {
		proxy_pass http://collabora-key:9980;
		proxy_set_header Host $http_host;
	}

	# WOPI discovery URL
	location ^~ /hosting/discovery {
		proxy_pass http://collabora-key:9980;
		proxy_set_header Host $http_host;
	}

    # Capabilities
    location ^~ /hosting/capabilities {
      proxy_pass http://collabora-key:9980;
      proxy_set_header Host $http_host;
    }

    # websockets, download, presentation and image upload
	location ^~ /cool {
		proxy_pass http://collabora-key:9980;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		proxy_set_header Host $http_host;
	}

	# proxy into rocketchat container
	location /rocketchat {
		proxy_pass http://rocketchat:3000;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		proxy_set_header Host $http_host;
	}

    # Portainer: Docker GUI (needs to be enabled in docker-compose.yml too!)
    #location /portainer/ {
    #    proxy_pass http://portainer:9000/;
    #    proxy_set_header Upgrade $http_upgrade;
    #    proxy_set_header Connection "upgrade";
    #    proxy_set_header Host $http_host;
    #}
}