add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";

{app_upstream}

upstream kibana {
    server localhost:5601;
}

upstream openviduserver {
    server localhost:5443;
}

{redirect_www_ssl}

server {
    # Redirect to https
    if ($host = {domain_name}) {
        rewrite ^(.*) https://{domain_name}:{https_port}$1 permanent;
    } # managed by Certbot
    
    {redirect_www}

    listen {http_port} default_server;
    server_name {domain_name};

    # letsencrypt
    location /.well-known/acme-challenge {
        root /var/www/certbot;
        try_files $uri $uri/ =404;
    }

    # Kibana panel
    location /kibana {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        
        rewrite ^/kibana/(.*)$ /$1 break;
        proxy_pass http://kibana/;
    }

    {nginx_status}
}

server {
    listen {https_port} ssl default deferred;
    server_name {domain_name};

    {ssl_config}
    
    {proxy_config}

    {app_config}

    ########################
    # OpenVidu Locations   #
    ########################
    {common_api_pro}

    {deprecated_api_pro}

    {new_api_pro}

    #################################
    # LetsEncrypt                   #
    #################################

    location /.well-known/acme-challenge {
        root /var/www/certbot;
        try_files $uri $uri/ =404;
    }
}