# This is not a complete nginx config file, but only some snippets to show how I configured my
# installation.

# If the stream module is dynamic (nginx -V), then you have to load it manually with
load_module /usr/lib64/nginx/modules/ngx_stream_module.so;
# Also, you will probably have to install the stream module separately, if the line above fails when
# nginx starts. On Fedora, you can do it with `dnf install nginx-mod-stream` and then see its
# location with `rpm -ql nginx-mod-stream`.

stream {
    # https://nginx.org/en/docs/stream/ngx_stream_core_module.html#server
    # the tty-server tcp connection ssl proxy
    server {
        listen 4567 ssl so_keepalive=30m::10;
        proxy_pass localhost:3456;
        ssl_certificate /etc/letsencrypt/live/on.tty-share.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/on.tty-share.com/privkey.pem;
    }
}


http {
    # the tty-proxy server (tty-proxy) address
    upstream tty-proxy {
        server localhost:9000;
        keepalive 12; # number of connections to keep alive even if idle, if they are opened
    }
    log_format proxy_log_format '[$time_local] $remote_addr - $remote_user - $server_name  to: $upstream_addr: $request upstream_response_time $upstream_response_time msec $msec request_time $request_time';

    # on.tty-share.com
    server {
        listen 80;
        server_name on.tty-share.com;
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl;
        server_name on.tty-share.com;
        access_log /var/log/nginx/tty-proxy.access.log proxy_log_format;

        # https://stackoverflow.com/questions/19769072/nginx-times-out-exactly-after-60-seconds?rq=1
        # https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_connect_timeout
        proxy_send_timeout 1600;
        proxy_read_timeout 1600;

        location / {
            proxy_pass http://tty-proxy;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
        }

        # TODO: use the rigth certificates here
        ssl_certificate /etc/letsencrypt/live/on.tty-share.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/on.tty-share.com/privkey.pem;
    }
}