# Example nginx virtual host config
#
# The directory structure for this Nginx configuration example is following
# my `nginx-kickstart` project. For more information, please refer to
# https://github.com/ditatompel/nginx-kickstart.
#
# NOTE: the `listen http2` directive is  not set because it is deprecated since
# Nginx v1.25.x.
upstream xmr_remote_nodes_app {
    keepalive 8;
    server 127.0.0.1:18901;
}

server {
    if ($host = xmr.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name xmr.example.com;
    root /srv/http/default;
    access_log off;
    location /.well-known/acme-challenge/ { allow all; }
    location / { return 301 https://$host$request_uri; }
}

server {
    server_name xmr.example.com;
    listen 443 ssl;

    ssl_certificate /etc/nginx/certs/fullchain.pem;
    ssl_certificate_key /etc/nginx/certs/privkey.pem;

    # See https://github.com/ditatompel/nginx-kickstart/blob/main/etc/nginx/snippets/ssl-params.conf
    include /etc/nginx/snippets/ssl-params.conf;

    error_log /var/log/nginx/xmr.example.com.error.log;

    root /srv/http/default;
    index index.html;

    add_header X-Permitted-Cross-Domain-Policies none;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Download-Options noopen;

    location = /robots.txt {
        log_not_found off;
        access_log    off;
        proxy_set_header   Connection "";
        proxy_http_version 1.1;
        proxy_pass         http://xmr_remote_nodes_app/robots.txt;
    }

    location ~* \.(?:ico|css|js|gif|jpe?g|png|webp|ttf|woff|woff2|svg|eot)$ {
        access_log off;
        expires max;
        add_header Pragma public;
        add_header Cache-Control "public";
        proxy_set_header Connection "";
        proxy_http_version 1.1;
        proxy_pass         http://xmr_remote_nodes_app;
    }

    location / {
        proxy_set_header   Host $http_host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        # For keepalive, the proxy_http_version directive should be set to “1.1”
        # and the “Connection” header field should be cleared.
        proxy_set_header Connection "";
        proxy_http_version 1.1;
        proxy_pass         http://xmr_remote_nodes_app/;
    }
}

# vim: ft=nginx ts=4 sw=4 et