# The simController nginx reverse proxy uses the latest dockerhub nginx:alpine container image. 
#
# The reverse proxy container is given a volume that maps the AWS instance's /home/core/lb-conf/ 
# to the container's /etc/nginx/conf/ This directory contains the reverse proxy's configuration.
#  
# The container is given the -c /etc/nginx/conf/nginx.conf command flag to configure it to read nginx.conf 
# from the config volume its been given.
#
worker_processes  2;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    server_names_hash_bucket_size 128;	
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;

    server {
        listen 80;
        return 301 https://$host$request_uri;
    }
	
    server {
        listen                    8443 ssl http2;
        server_name               controller-1.shivaram-1.tenants.servicefractal.com;
        ssl_certificate           /etc/nginx/conf/controller-1.shivaram-1.tenants.servicefractal.com.cert.pem;
        ssl_certificate_key       /etc/nginx/conf/controller-1.shivaram-1.tenants.servicefractal.com.key.pem;
        ssl_client_certificate    /etc/nginx/conf/shivaram-1.tenants.servicefractal.com-ca-chain.cert.pem;
        ssl_protocols             TLSv1.2;
        ssl_ciphers               HIGH:!aNULL:!MD5;
        ssl_verify_client         optional;
        ssl_verify_depth          5;
        ssl_dhparam               /etc/nginx/conf/dhparam.pem;
        ssl_prefer_server_ciphers on;
        
        access_log /var/log/nginx/access.log;

        location / {
            proxy_pass            http://localhost:8080;
            proxy_http_version    1.1;
            proxy_connect_timeout 10s;
            proxy_read_timeout    60s;
	    }
    }
}