upstream jellyfin {
  server {{ env "NOMAD_UPSTREAM_ADDR_jellyfin" }};
}

upstream zigbee2mqtt {
  server {{ env "NOMAD_UPSTREAM_ADDR_zigbee2mqtt" }};
}

upstream home-assistant {
  server {{ env "NOMAD_UPSTREAM_ADDR_home-assistant" }};
}

upstream syncthing {
  server {{ env "NOMAD_UPSTREAM_ADDR_syncthing" }};
}

upstream baikal {
  server {{ env "NOMAD_UPSTREAM_ADDR_baikal" }};
}

server {
  listen 8096;

  server_name _;

  include /local/security.conf;

  client_max_body_size 100M;

  location /jellyfin/ {
     # Proxy main Jellyfin traffic

     # The / at the end is significant.
     # https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/

     proxy_pass http://jellyfin/jellyfin/;

     proxy_pass_request_headers on;

     proxy_set_header Host $host;

     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_set_header X-Forwarded-Host $http_host;

     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection $http_connection;

     # Disable buffering when the nginx proxy gets very resource heavy upon streaming
     proxy_buffering off;
  }

  location /syncthing/ {
    include /local/headers.conf;

    proxy_pass http://syncthing/;
  }

  location ~ "^/(static/icons/|static/fonts/|static/translations/|static/images/|static/panels/|static/polyfills|api/|auth/|frontend_latest/|frontend_es5/|local/|lovelace|map|config|developer-tools|history|logbook|profile|states|hassio|onboarding.html|service_worker.js|authorize.html|manifest.json)" {
    include /local/headers.conf;

    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    proxy_pass http://home-assistant;
  }

  location /home-assistant {
    include /local/headers.conf;

    rewrite /home-assistant/(.*) /$1 break;

    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    proxy_pass http://home-assistant;
  }

  location /zigbee2mqtt/ {
    include /local/headers.conf;

#    rewrite /zigbee2mqtt/(.*) /$1 break;

    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    proxy_pass http://zigbee2mqtt/;
  }

  location /baikal/ {
    include /local/headers.conf;

#    rewrite /baikal/(.*) /$1 break;

    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    proxy_pass http://baikal/;
  }
}

server {
  listen 80;

  server_name _;

  include /local/security.conf;

  client_max_body_size 100M;

  location /jellyfin/ {
     # Proxy main Jellyfin traffic

     # The / at the end is significant.
     # https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/

     proxy_pass http://jellyfin/jellyfin/;

     proxy_pass_request_headers on;

     proxy_set_header Host $host;

     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_set_header X-Forwarded-Host $http_host;

     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection $http_connection;

     # Disable buffering when the nginx proxy gets very resource heavy upon streaming
     proxy_buffering off;
  }
}