# Default nginx configuration
user                   root;
worker_processes       auto;
daemon                 off; 

error_log              /data/logs/nginx/nginx.log error;
pid                    /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    log_format          main  '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
    access_log          /data/logs/nginx/access.log main;
    sendfile            on;
    keepalive_timeout   65;
    gzip                on;
    map                 $http_upgrade $connection_upgrade { default upgrade; '' close; }
    disable_symlinks   off;

    server {
        listen                               REPLACE_SERVER_PORT;
        root                                 /usr/local/share/ariang;
        index                                index.html;
        proxy_intercept_errors               off;
        add_header X-Frame-Options           "SAMEORIGIN" always;
        add_header X-XSS-Protection          "1; mode=block" always;
        add_header X-Content-Type-Options    "nosniff" always;
        add_header Referrer-Policy           "no-referrer-when-downgrade" always;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        add_header Content-Security-Policy   "script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' *; object-src 'self'" always;

    location /jsonrpc {
        proxy_pass         http://127.0.0.1:6800/jsonrpc;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection "upgrade";
        proxy_read_timeout 86400;
    }

    location /rpc {
        proxy_pass         http://127.0.0.1:6800/jsonrpc;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection "upgrade";
        proxy_read_timeout 86400;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location /nginx_status {
        stub_status;
    }

    location /health {
        default_type text/html;
        allow all;
        access_log off;
        return 200 'OK';
    }

    location /health/json {
        default_type application/json;
        allow all;
        access_log off;
        return 200 '{"status":"OK"}';
    }
    }
}