worker_processes 2;
worker_rlimit_nofile 500000;
worker_shutdown_timeout 10;

events {
	worker_connections 100000; # Default: 1024
	#use epoll;
	#multi_accept on;
}

http {
	log_format no_ip    '$remote_user [$time_local] '
                        '"$request" $status $body_bytes_sent '
                        '"$http_referer" "$http_user_agent" "$gzip_ratio"';

    log_format user_agent '[$time_local] '
                           '"$http_referer" "$http_user_agent" "$gzip_ratio"';

	#limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;
	limit_req_log_level warn;
	
	include		/etc/nginx/mime.types;
	include		/etc/nginx/proxy.conf;
	
	# error_map has to be at http level
	include	  /etc/nginx/error_map.conf;
	# Custom MIME definition
	types {
		text/csv	csv;
	}
	# keepalive settings
	#keepalive_requests		10;
	keepalive_timeout		10s;
	http2_idle_timeout		20s; # replaced by keepalive_timeout in 1.19.7	

	access_log off;
	#error_log /etc/nginx/logs/error.log warn;
	error_log /dev/null crit;

	upstream backend_GET {
		least_conn;
		
		#keepalive 	5;
		#server		localhost:4441;
		#server		localhost:4442;
		#server		localhost:4443;
		#server		localhost:4444;
		#server		localhost:4445;
		#server		localhost:4446;
		#server		localhost:4447;
		#server		localhost:4448;
		#server 		10.0.0.4:4441 max_fails=25 fail_timeout=20s;

		#server		10.0.0.3:4441 max_fails=25 fail_timeout=20s;
		#server		10.0.0.3:4442 max_fails=25 fail_timeout=20s;

		server		10.0.0.5:4441 max_fails=25 fail_timeout=20s;
		server		10.0.0.5:4442 max_fails=25 fail_timeout=20s;

		server		10.0.0.6:4441 max_fails=25 fail_timeout=20s;
		server		10.0.0.6:4442 max_fails=25 fail_timeout=20s;

		server		10.0.0.9:4441 max_fails=25 fail_timeout=20s;
		server		10.0.0.9:4442 max_fails=25 fail_timeout=20s;

		server		10.0.0.12:4441 max_fails=25 fail_timeout=20s;
		server		10.0.0.12:4442 max_fails=25 fail_timeout=20s;

		server		10.0.0.10:4441 max_fails=25 fail_timeout=20s;
        server		10.0.0.10:4442 max_fails=25 fail_timeout=20s;

		server		10.0.0.13:4441 max_fails=25 fail_timeout=20s;
        server		10.0.0.13:4442 max_fails=25 fail_timeout=20s;
		
		server		10.0.0.14:4441 max_fails=25 fail_timeout=20s;
        server		10.0.0.14:4442 max_fails=25 fail_timeout=20s;
		
		server		10.0.0.11:4441 max_fails=25 fail_timeout=20s;
        	server		10.0.0.11:4442 max_fails=25 fail_timeout=20s;
		
		server		10.0.0.16:4441 max_fails=25 fail_timeout=20s;
        	server		10.0.0.16:4442 max_fails=25 fail_timeout=20s;
		
		server		10.0.0.17:4441 max_fails=25 fail_timeout=20s;
        	server		10.0.0.17:4442 max_fails=25 fail_timeout=20s;

		#server		134.209.69.251:80	backup;

		#server		116.203.32.253:80	backup;
		#server		116.203.32.253:80;
	}
	upstream backend_POST {
		#server		localhost:4441;
		#server		localhost:4442;
		server		10.0.0.3:4441 max_fails=25 fail_timeout=15s;
		server		10.0.0.4:4441 max_fails=25 fail_timeout=15s;
		#server		10.0.0.3:4442;
	}
	upstream backend_db {
		server		10.0.0.4:4441 max_fails=1 fail_timeout=3s;
		#server		10.0.0.3:4441;
		#server		10.0.0.4; 
	}
	upstream backend_db_dl {
		server		10.0.0.4;
	}

	proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHEZONE:10m inactive=60m max_size=400m;
	proxy_cache_key "$scheme$request_method$host$request_uri";
	add_header X-Cache $upstream_cache_status;

	server {
		server_name sponsor.ajay.app api.sponsor.ajay.app;

		include		  /etc/nginx/error.conf;
		set_real_ip_from 10.0.0.0/24;
		real_ip_header proxy_protocol;

		location /news {
			return	301		https://blog.ajay.app/sponsorblock;
		}

		location /viewer {
			return	301		https://sb.ltn.fi;
		}

		location /test/ {
			# return			404 "";
			proxy_pass		http://10.0.0.4:4445/;
			#proxy_pass		https://sbtest.etcinit.com/;
		}

		#access_log /etc/nginx/logs/requests.log no_ip buffer=64k;

		location /api/skipSegments {
			include				/etc/nginx/cors.conf;
			#return 200 "[]";
			proxy_pass		http://backend_$request_method;
			#proxy_cache	CACHEZONE;
			#proxy_cache_valid	10s;
			#limit_req zone=mylimit;

			#access_log /etc/nginx/logs/download.log no_ip;
			gzip on;
			if ($request_method = POST) {
				access_log /etc/nginx/logs/submissions.log user_agent buffer=64k;
			}

			#proxy_read_timeout 6s;
			#proxy_next_upstream error timeout http_500 http_502;
		}

		location /api/getTopUsers {
			include				/etc/nginx/cors.conf;
			proxy_pass		http://backend_GET;
			proxy_cache		CACHEZONE;
			proxy_cache_valid	20m;
		}

		location /api/getTotalStats {
			include		 /etc/nginx/cors.conf;
			proxy_pass http://backend_POST;
			proxy_cache CACHEZONE;
			proxy_cache_valid 20m;
			#return 204;
		}

		location /api/getTopCategoryUsers {
			include				/etc/nginx/cors.conf;
			proxy_pass		http://backend_POST;
			proxy_cache		CACHEZONE;
			proxy_cache_valid	20m;
		}

		location /api/getVideoSponsorTimes {
			include		/etc/nginx/cors.conf;
			proxy_pass http://backend_GET;
		}
		
		location /api/isUserVIP {
			include		/etc/nginx/cors.conf;
			proxy_pass http://backend_GET;
		}

		location /download/ {
			#access_log /etc/nginx/logs/download.log no_ip buffer=64k;
			gzip on;
			proxy_max_temp_file_size 0;
			#proxy_cache CACHEZONE;
			#proxy_cache_valid 20m;
			#proxy_http_version 1.0;
			#gzip_types	text/csv;
			#gzip_comp_level 1;
			#proxy_buffering off;		
	

			proxy_pass http://backend_db;
      #alias		/home/sbadmin/sponsor/docker/database-export/;
			#return 307 https://rsync.sponsor.ajay.app$request_uri;
		}

		location /database {
			proxy_pass  http://backend_db;
			#return 200 "Disabled for load reasons";
		}

		location = /database.db {
			return	404 "Sqlite database has been replaced with csv exports at https://sponsor.ajay.app/database. Sqlite exports might come back soon, but exported at longer intervals.";
			#alias	/home/sbadmin/sponsor/databases/sponsorTimes.db;
			#alias	/home/sbadmin/test-db/database.db;
		}

		#location = /database/sponsorTimes.csv {
		#	alias /home/sbadmin/sponsorTimes.csv;
		#}

		#location /api/voteOnSponsorTime {
		#	return 200 "Success";
		#}
	
		#location /api/viewedVideoSponsorTime {
		#	return 200 "Success";
		#}

		location /api {
			include			/etc/nginx/cors.conf;
			proxy_pass	http://backend_POST;
		}
		
		location / {
			root	/home/sbadmin/SponsorBlockSite/public-prod;
			error_page 404 /404.html;
		}
		
		listen [::]:443 default_server ssl http2 ipv6only=on backlog=323999;
		listen 443 default_server ssl http2 reuseport backlog=3000999; # managed by Certbot
		listen 4443 default_server ssl http2 proxy_protocol reuseport backlog=3000999;
		#listen 443 http3 reuseport;
		#ssl_protocols TLSv1.2 TLSv1.3;
		listen 8081 proxy_protocol;
		port_in_redirect off;
    		ssl_certificate /home/sbadmin/certs/cert.pem;
   		ssl_certificate_key /home/sbadmin/certs/key.pem;
		#ssl_certificate /etc/letsencrypt/live/sponsor.ajay.app-0001/fullchain.pem; # managed by Certbot
		#ssl_certificate_key /etc/letsencrypt/live/sponsor.ajay.app-0001/privkey.pem; # managed by Certbot
		include				/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
		ssl_dhparam			/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
	}

	server {
		server_name cdnsponsor.ajay.app;
		error_page 404 /404.html;

		#location /database/ {
		#	alias /home/sbadmin/sponsor/docker/database-export/;
		#}

		#location /download/ {
		#	alias /home/sbadmin/sponsor/docker/database-export/;
		#}

		location / {
			root /home/sbadmin/SponsorBlockSite/public-prod;
		}


		listen 443 ssl; # managed by Certbot
		ssl_certificate /home/sbadmin/certs/cert.pem;
                ssl_certificate_key /home/sbadmin/certs/key.pem;
    		#ssl_certificate /etc/letsencrypt/live/sponsor.ajay.app-0001/fullchain.pem; # managed by Certbot
    		#ssl_certificate_key /etc/letsencrypt/live/sponsor.ajay.app-0001/privkey.pem; # managed by Certbot
		include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
		ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
	}

	server {
		access_log off;

		return 301 https://$host$request_uri;

		listen [::]:80 ipv6only=on;
		listen 8080 proxy_protocol;
		listen 80;
		server_name sponsor.ajay.app api.sponsor.ajay.app, cdnsponsor.ajay.app, wiki.sponsor.ajay.app;
		return 404; # managed by Certbot
	}

	server {
		server_name wiki.sponsor.ajay.app; # managed by Certbot
		
		location /.well-known/ {
			 root    /home/sbadmin/SponsorBlockSite/public-prod;
		}

		location ~* ^/index.php/(?<pagename>.*)$ {
			return 301 /w/$pagename;
		}

		location / {
			proxy_pass http://10.0.0.3:8080;
		}
		
		port_in_redirect off;
		listen [::]:443 ssl http2; 
		listen 443  ssl http2; # managed by Certbot
		listen 8081 proxy_protocol;
		#listen 443 http3 reuseport;
		#ssl_protocols TLSv1.2 TLSv1.3;
		#listen 80;
		ssl_certificate /home/sbadmin/certs/cert.pem;
   		ssl_certificate_key /home/sbadmin/certs/key.pem;
    		#ssl_certificate /etc/letsencrypt/live/sponsor.ajay.app-0001/fullchain.pem; # managed by Certbot
    		#ssl_certificate_key /etc/letsencrypt/live/sponsor.ajay.app-0001/privkey.pem; # managed by Certbot
		include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
		ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
	}
}