user  www;
worker_processes  6;
timer_resolution 500ms;

events {
	worker_connections  1024;
	use kqueue;
}


http {
	default_type  application/octet-stream;
	include       /usr/local/etc/nginx/mime.types;

	#log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
	#                  '$status $body_bytes_sent "$http_referer" '
	#                  '"$http_user_agent" "$http_x_forwarded_for"';

	access_log  /var/log/nginx/access.log;

	sendfile	on;
	tcp_nopush	on;
	aio	on;

	keepalive_timeout  65;

	gzip  	on;
	gzip_min_length  1100;
	gzip_buffers     4 8k;
	gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

	ssl_dhparam /usr/local/etc/nginx/dhparam.pem;
	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_ecdh_curve X25519:P-521:P-384:P-256;
	ssl_prefer_server_ciphers on;
	ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384";
	ssl_session_cache shared:SSL:10m;

	ssl_session_timeout 15m;
	ssl_session_tickets off;

	map $scheme $php_https { default off; https on; }
	server {
		http2 on;
		listen 80 ;
		listen [::]:80 ;
		server_name  dmarec.fr;
		error_page   500 502 503 504  /50x.html;
		include dropall.conf;
		include nobot.conf;
		location = /50x.html {
			root   /usr/local/www/nginx-dist;
		}
		location /files {
			alias /usr/local/www/files;
		}
		include grav.conf;
	}
	server {
		http2 on;
		listen [::]:443 ssl;
		listen 443 ssl ;
		server_name dmarec.fr;
		include dropall.conf;
		include nobot.conf;

		ssl_certificate /usr/local/etc/letsencrypt/live/dmarec.fr/fullchain.pem;
		ssl_certificate_key /usr/local/etc/letsencrypt/live/dmarec.fr/privkey.pem;
		# redirect server error pages to the static page /50x.html
		#
		error_page   500 502 503 504  /50x.html;
		#root /usr/local/www/nginx;
		location = /50x.html {
			root   /usr/local/www/nginx-dist;
		}

		location /files {
			alias /usr/local/www/files;
		}
		include grav.conf;
	}
	server {
		http2 on;
		listen [::]:80 accept_filter=httpready;
		listen 80 accept_filter=httpready;
		server_name wiki.fug-fr.org ;
		include nobot.conf;
		root /jails/php/usr/local/www/dokuwiki;
		index doku.php index.html;
		#Enforce https for logins, admin
		if ($args ~* do=(log|admin|profile)) {
			rewrite ^ https://$host$request_uri? redirect;
		}
		include dokuwiki.conf;
	}

	server {
		http2 on;
		listen [::]:443 ssl accept_filter=httpready;
		listen 443 ssl accept_filter=httpready;
		server_name wiki.fug-fr.org ;
		include nobot.conf;
		root /jails/php/usr/local/www/dokuwiki;
		index doku.php;
		ssl_certificate /usr/local/etc/letsencrypt/live/wiki.fug-fr.org/fullchain.pem;
		ssl_certificate_key /usr/local/etc/letsencrypt/live/wiki.fug-fr.org/privkey.pem;
		keepalive_requests    10;
		keepalive_timeout     60 60;
#		if ($args ~* (do=show|^$)){
#			rewrite ^ http://$host$request_uri? redirect;
#		}
		include dokuwiki.conf;
	}
	server {
		http2 on;
		listen [::]:443 ssl;
		listen 443 ssl;
		server_name forge.dmarec.fr;
		ssl_certificate /usr/local/etc/letsencrypt/live/forge.dmarec.fr/fullchain.pem;
		ssl_certificate_key /usr/local/etc/letsencrypt/live/forge.dmarec.fr/privkey.pem;
		keepalive_requests    10;
		keepalive_timeout     60 60;

		location / {
			proxy_pass http://192.168.0.25:3000/;
		}
	}

}