#
# Config for bondingadmin
#

include /etc/bondingadmin/nginx/upstreams.conf;

server {
        listen   [::]:80 ipv6only=off default_server;
        include /etc/bondingadmin/nginx/resolver.conf;

        # Maximum read timeout of 5 minutes to allow for longer speed tests.
        # This should be reduced when we refactor speed tests
        uwsgi_read_timeout 300s;

        gzip on;
        gzip_types text/css text/plain text/xml application/xml application/javascript application/x-javascript text/javascript application/json text/x-json;

        # Locations that are available via HTTP and HTTPS
        #
        include /etc/bondingadmin/nginx/http-locations.conf;

        # Drop HTTP requests to the API
        location /api/ {
                return 444;
        }

        # Redirect HTTP to HTTPS
        location / {
                return 301 https://$host$request_uri;
        }
}

server {
        listen   [::]:443 ipv6only=off default_server ssl;

        ssl_certificate /etc/bondingadmin/crt.pem;
        ssl_certificate_key /etc/bondingadmin/key.pem;

        ssl_session_timeout 20m;
        ssl_session_cache shared:SSL:10m;
        ssl_protocols TLSv1.2;
        ssl_ciphers AES128+EECDH:AES128+EDH:!aNULL;
        ssl_prefer_server_ciphers on;

        ssl_dhparam /etc/bondingadmin/dhparams.pem;

        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;

        include /etc/bondingadmin/nginx/resolver.conf;

        # Maximum read timeout of 5 minutes to allow for longer speed tests.
        # This should be reduced when we refactor speed tests
        uwsgi_read_timeout 300s;

        gzip on;
        gzip_types text/css text/plain text/xml application/xml application/javascript application/x-javascript text/javascript application/json text/x-json;

        # Locations that are available via HTTP and HTTPS
        #
        include /etc/bondingadmin/nginx/http-locations.conf;

        # Locations that are available via HTTPS only
        #
        include /etc/bondingadmin/nginx/https-locations.conf;

        # Django static and media
        #
        location /static/ {
                gzip_static on;
                alias /var/lib/bondingadmin/static-files/;
        }

        location /media/ {
                gzip_static on;
                alias /var/lib/bondingadmin/media/;
        }

        location / {
                root /usr/share/bondingadmin/laywire-frontend;
                try_files $uri $uri/ @frontend_index;
        }

        location @frontend_index {
                rewrite ^(.+)$ /index.html last;
        }
}
