# vim: ft=nginx

set_real_ip_from 0.0.0.0/0;
real_ip_recursive on;
log_format lb_logs '$remote_addr ($proxy_protocol_addr) '
                   '- $remote_user [$time_local] '
                   '"$request" $status $body_bytes_sent '
                   '"$http_referer" "$http_user_agent" '
                   '($request_time $request_length $upstream_response_time)';

types_hash_max_size 2048;
include /etc/opt/rh/rh-nginx112/nginx/mime.types;

default_type application/octet-stream;

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
client_body_temp_path /tmp/nginx 1 2;
proxy_temp_path /tmp/nginx-proxy;
fastcgi_temp_path /tmp/nginx-fastcgi;
uwsgi_temp_path /tmp/nginx-uwsgi;
scgi_temp_path /tmp/nginx-scgi;

sendfile on;

gzip on;
gzip_http_version 1.0;
gzip_proxied any;
gzip_min_length 500;
gzip_disable "MSIE [1-6]\.";
gzip_types text/plain text/xml text/css
           text/javascript application/x-javascript
           application/javascript image/svg+xml
           application/octet-stream;

map $proxy_protocol_addr $proper_forwarded_for {
  ""      $proxy_add_x_forwarded_for;
  default $proxy_protocol_addr;
}

map $http_x_forwarded_proto $proper_scheme {
  default $scheme;
  https   https;
}

upstream web_app_server {
    server unix:/tmp/gunicorn_web.sock fail_timeout=0;
}
upstream jwtproxy_secscan {
    server unix:/tmp/jwtproxy_secscan.sock fail_timeout=0;
}
upstream verbs_app_server {
    server unix:/tmp/gunicorn_verbs.sock fail_timeout=0;
}
upstream registry_app_server {
    server unix:/tmp/gunicorn_registry.sock fail_timeout=0;
}

# NOTE: Exposed for the _internal_ping *only*. All other secscan routes *MUST* go through
# the jwtproxy.
upstream secscan_app_server {
    server unix:/tmp/gunicorn_secscan.sock fail_timeout=0;
}


upstream build_manager_controller_server {
    server localhost:8686;
}

upstream build_manager_websocket_server {
    server localhost:8787;
}