# Reverse proxy of websocket and bosh endpoints from Ejabberd 
# Reverse proxy of http_upload for Ejabberd
# Todo: add /admin and /api endpoints

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name xmpp.example.org;

    ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/example.org/chain.pem;


    # Ejabberd BOSH
    location /bosh {
        proxy_pass  http://localhost:5280/bosh;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
        tcp_nodelay on;
    }

    # Ejabberd websocket
    location /ws {
        proxy_pass http://localhost:5280/ws;
        proxy_http_version 1.1;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 900s;
    }
}

# http_upload
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name uploads.example.org;

    ssl_certificate /etc/letsencrypt/live/uploads.example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/uploads.example.org/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/uploads.example.org/chain.pem;

    location /upload {
        proxy_pass  http://localhost:5280/upload;
        proxy_set_header Host "uploads.example.org";
        client_max_body_size 110M;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
        tcp_nodelay on;
   }
}