{% extends "core.j2" %}

{% block location %}

## LOCATIONS
  location / {
    proxy_pass {{ item.upstream_proto }}://{{ item.upstream_name }}:{{ item.upstream_port}};
    # Add cache for static files
    if ($request_uri ~* ^/(img|css|font|js)/) {
      add_header Expires "Thu, 31 Dec 2037 23:55:55 GMT";
      add_header Cache-Control "public, max-age=315360000";
    }
  
    # HTTPS only header, improves security
    add_header Strict-Transport-Security "max-age=15768000";

    # Really important! Lufi uses WebSocket, it won't work without this
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_http_version 1.1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # If you want to log the remote port of the file senders, you'll need that
    proxy_set_header X-Remote-Port $remote_port;
    proxy_set_header X-Forwarded-Proto $scheme;

    # We expect the downstream servers to redirect to the right hostname, so don't do any rewrites here.
    proxy_redirect     off;
  }
{% endblock %}