worker_processes {{ param_nginx_frontend['nb_workers'] }};

pid {{ param_nginx_frontend['path_pid'] }};
error_log {{ param_nginx_frontend['path_error_log'] }};

daemon off;

events {
	worker_connections 1024;
	accept_mutex off;
}

http {
     default_type application/octet-stream;
     access_log {{ param_nginx_frontend['path_access_log'] }} combined;
     map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
     }
     server {
        listen {{ param_nginx_frontend['local-ip'] }}:{{ param_nginx_frontend['port'] }};
        server_name _;

        keepalive_timeout 90s;
        client_body_temp_path {{ param_tempdir['client_body_temp_path'] }};
        proxy_temp_path {{ param_tempdir['proxy_temp_path'] }};
        fastcgi_temp_path {{ param_tempdir['fastcgi_temp_path'] }};
        uwsgi_temp_path {{ param_tempdir['uwsgi_temp_path'] }};
        scgi_temp_path {{ param_tempdir['scgi_temp_path'] }};
        location / {
            auth_basic  "Restricted";
            auth_basic_user_file   {{ param_nginx_frontend['etc_dir'] }}/.htpasswd;
            proxy_pass  http://{{ param_nginx_frontend['cloud9-ip'] }}:{{ param_nginx_frontend['cloud9-port'] }};
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
            proxy_redirect off;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header        Host            $host;
            proxy_set_header        X-Real-IP       $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
     server {
        listen [{{ param_nginx_frontend['global-ip'] }}]:{{ param_nginx_frontend['global-port'] }} ssl;
        server_name _;
        ssl_certificate     {{ param_nginx_frontend['ssl-certificate'] }};
        ssl_certificate_key {{ param_nginx_frontend['ssl-key'] }};
        ssl_protocols       SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         HIGH:!aNULL:!MD5;
        keepalive_timeout 90s;
        client_body_temp_path {{ param_tempdir['client_body_temp_path'] }};
        proxy_temp_path {{ param_tempdir['proxy_temp_path'] }};
        fastcgi_temp_path {{ param_tempdir['fastcgi_temp_path'] }};
        uwsgi_temp_path {{ param_tempdir['uwsgi_temp_path'] }};
        scgi_temp_path {{ param_tempdir['scgi_temp_path'] }};
	error_page 401 /login;
        location / {
            auth_basic "Restricted";
            auth_basic_user_file {{ param_nginx_frontend['etc_dir'] }}/.htpasswd;
            proxy_redirect off;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $http_host;
            proxy_set_header X-Accel-Mapping /private/;

            proxy_pass http://unix:{{ socket }};
        }
        location ~ ^(/login|/doLogin|/static|/setAccount|/configAccount|/slapgridResult) {
            proxy_redirect off;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $http_host;
            proxy_set_header X-Accel-Mapping /private/;

            proxy_pass http://unix:{{ socket }};
        }
	location /shellinabox {
            proxy_pass  http://[{{ param_nginx_frontend['global-ip'] }}]:{{ shellinabox_port }}/;
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
            auth_basic "Restricted";
            auth_basic_user_file {{ param_nginx_frontend['etc_dir'] }}/.htpasswd;
            proxy_redirect off;
            proxy_buffering off;
            proxy_set_header        Host              $host;
            proxy_set_header        X-Real-IP         $remote_addr;
	    proxy_set_header        X-Forwarded-Proto $scheme;
            proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
	    proxy_set_header        X-Forwarded-Host  $http_host;
	}
    }
}