server_tokens off;

server {
    listen 80;
    listen [::]:80;

    server_name sg phus.lu cloud.phus.lu;

    access_log /var/log/nginx/phus_lu.log;
    error_log /var/log/nginx/phus_lu.error.log;

    charset utf-8;
    server_tokens off;
    client_max_body_size 128M;
    index index.html index.php;
    root /home/phuslu/web;
    disable_symlinks off;

    add_header Link '<https://phus.lu/avatar.png>; rel="icon"; type="image/png"';
    add_header Strict-Transport-Security "max-age=0";
    #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";

    add_header cache-control "no-cache";
    add_header access-control-allow-origin "*";
    add_header referrer-policy "no-referrer";
    add_header x-content-type-options nosniff;
    add_header x-xss-protection "1; mode=block";
    add_header x-frame-options sameorigin;
    #add_header x-robots-tag "noindex, nofollow";

    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_types text/plain text/xml text/css application/javascript application/json;

    location = / {
        if ($http_x_forwarded_proto != https) {
            return 301 https://$http_host$request_uri;
        }
        add_header link '<https://cdnjs.cloudflare.com/>; rel="dns-prefetch"';
        autoindex       on;
        autoindex_localtime on;
        autoindex_exact_size off;
        add_after_body /autoindex.html;
    }

    location = /pub {
        default_type text/plain;
        add_header x-ssh-import "curl -sS phus.lu/pub | tee -a  ~/.ssh/authorized_keys";
        try_files /pub =404;
    }

    location = /liner {
        default_type text/plain;
        try_files /liner/get.sh =404;
    }

    location = /ncsi.txt {
        return 200 "Microsoft NCSI";
    }

    location = /generate_204 {
        return 204 "";
    }

    location = /zoom {
        #return 302 "https://us04web.zoom.us/wc/join/7760708665?pwd=eEdvOWZJSXZPMnRGVXRTREtCREc0dz09";
        return 302 "https://us04web.zoom.us/j/7760708665?pwd=eEdvOWZJSXZPMnRGVXRTREtCREc0dz09";
    }

    location = /jsonp {
        fastcgi_pass unix:/var/run/php/php-fpm.sock;
        #fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME /home/phuslu/web/server/jsonp.php;
        include fastcgi_params;
    }

    location = /metrics {
        proxy_pass http://127.0.0.1:9100;
        proxy_http_version 1.1;
    }

    location = /aria2/jsonrpc {
        rewrite /aria2/(.*) /$1  break;
        proxy_pass http://127.0.0.1:6800;
        proxy_http_version 1.1;
    }

    location = /derp {
        proxy_pass http://127.0.0.1:3478;
        proxy_http_version 1.1;
        proxy_set_header Host $http_host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }

    location ~ ^/(grafana|jellyfin|jupyter|lxde|metube|navidrome|webshell)/ {
        proxy_pass http://$1.internal;
        proxy_http_version 1.1;
        proxy_set_header Host $http_host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header X-Forwarded-Proto "https";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 180;
        proxy_connect_timeout 180;
        proxy_send_timeout 180;
        send_timeout 180;
    }

    location ~ ^/(yt-dlp)/(.*)$ {
        proxy_pass http://$1.internal/$2;
        proxy_http_version 1.1;
        proxy_set_header Host $http_host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header X-Forwarded-Proto "https";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 180;
        proxy_connect_timeout 180;
        proxy_send_timeout 180;
        send_timeout 180;
    }

    location ~ "^/(get|((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4})$" {
        fastcgi_pass unix:/var/run/php/php-fpm.sock;
        #fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME /home/phuslu/web/server/ip.php;
        include fastcgi_params;
    }

    location ~ ^/(.htpasswd|z/)$ {
        auth_basic "Log in to continue";
        auth_basic_user_file /home/phuslu/web/.htpasswd;
        autoindex       on;
        autoindex_localtime on;
        autoindex_exact_size off;
        add_after_body /autoindex.html;
    }

    location /tmp/ {
        alias /tmp/;
    }

    location ~ ^/speech/.+\.md$ {
        default_type text/html;
        add_after_body /code/markdown.html;
    }

    #location ~* \.(mmdb)$ {
    #    return 403;
    #}

    location ~* \.(ico|css|gif|jpeg|jpg|png|woff|ttf|otf|svg|woff2|eot)$ {
        expires 1d;
        access_log off;
        add_header Pragma public;
    }

    location ~ \.(md|log|pac|keys|lua|json|yaml|toml|conf|cmd|sh|bash|h|c|cpp|hpp|py|go|service|dockerfile)$ {
        default_type text/plain;
    }

    location ~ ^/(bashrc|vimrc|server/ipinfo)$ {
        default_type text/plain;
    }

    location ~ "^/notes/([a-zA-Z0-9_-]{1,})$" {
        try_files $uri /notes/index.php?note=$1;
    }

    location ~ ^/(tz.php|upload/upload.php|notes/index.php)$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php-fpm.sock;
        #fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTPS on;
        include fastcgi_params;
    }

    location ~ ^/(github.com)/(.+?)$ {
        proxy_pass https://$1/$2;
        proxy_http_version 1.1;
        proxy_set_header Host $1;
        proxy_read_timeout 180;
        proxy_connect_timeout 180;
        proxy_send_timeout 180;
        send_timeout 180;
    }

    location ~ ^(.*)/$ {
        autoindex       on;
        autoindex_localtime on;
        autoindex_exact_size off;
        add_after_body /autoindex.html;
    }
}