# {{ ansible_managed }}

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;

    server_name {{ music_domain }};

    {% if acme_bootstrap_certs %}
    include "snippets/snakeoil.conf";
    {% else %}
    ssl_certificate     "/var/lib/dehydrated/certs/{{ music_domain }}/fullchain.pem";
    ssl_certificate_key "/var/lib/dehydrated/certs/{{ music_domain }}/privkey.pem";
    {% endif %}

    {% for range in trusted_ranges %}
    allow {{ range.cidr }};
    {% endfor %}
    deny all;

    location / {
        rewrite ^/(.*) https://{{ music_domain }}/trollibox/player/space?;
    }

    location /trollibox/ {
        proxy_pass http://[::1]:3000/;
        client_max_body_size 512M;
        include proxy_params;
    }

    location ~ ^/trollibox/(.+/events)$ {
        proxy_pass http://[::1]:3000/$1;
        include proxy_params;
        proxy_http_version 1.1;
        chunked_transfer_encoding off;
        add_header X-Test "123";
        proxy_set_header Connection '';
        proxy_buffering off;
        proxy_read_timeout 7d;
    }

    location ~ ^/trollibox/(.+/listen)$ {
        proxy_pass http://[::1]:3000/$1;
        include proxy_params;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 7d;
    }

    location /bobdsp/ {
        proxy_pass http://[::1]:8081/;
        include proxy_params;
    }

    location /vis/ {
        allow all;
        proxy_pass http://[::1]:13378/;
        include proxy_params;
    }

    location = /vis/ {
        rewrite ^(.*)$ /vis/index.html;
        include proxy_params;
    }

    include "snippets/acme.conf";
}