# This is included as an example of a config file that works for the site. This is important so that anyone can re-host it in the event of something going wrong with the main site.
# The main takeaways from this config file are the redirects, everything is relatively bog standard.

server {
    listen       80;

    # Specify this vhost's domain name
    server_name dlsrc.getmonero.org downloads.getmonero.orgdlsrc.monero.mu downloads.monero.mu downloads.monero.cc;
    return 301 https://$server_name$request_uri;
}
server {
    listen       80;
    listen       443 ssl http2;

    ssl_certificate      /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key  /etc/ssl/private/ssl-cert-snakeoil.key;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers   on;

    # Specify this vhost's domain name
    server_name updates.getmonero.org dlsrc.getmonero.org downloads.getmonero.org updates.monero.mu dlsrc.monero.mu downloads.monero.mu downloads.monero.cc;
    root /var/www/downloads.getmonero.org/webroot;
    index index.php index.html index.htm;

    # Specify log locations for current site
    access_log off;
    error_log /var/log/nginx/default-site.log warn;

    # Let's not give away too much info:
    error_page 403 = 404;

    # These are the restrictions I generally have on
    # Disable logging for favicon
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    # Disable logging for robots.txt
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ~* \.(ico|css|js|gif|jpe?g|png)$
    {
        expires 31536000s;
        access_log off;
        log_not_found off;
        add_header Pragma public;
        add_header Cache-Control "max-age=31536000, public";
    }

    # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
    # End of general restrictions

    # Downloads!
    location /win64 {
        rewrite ^ /cli/monero-win-x64-v0.13.0.2.zip redirect;
    }

    location /win32 {
        rewrite ^ /cli/monero-win-x86-v0.13.0.2.zip redirect;
    }

    location /mac64 {
        rewrite ^ /cli/monero-mac-x64-v0.13.0.2.tar.bz2 redirect;
    }

    location /linux64 {
        rewrite ^ /cli/monero-linux-x64-v0.13.0.2.tar.bz2 redirect;
    }

    location /linux32 {
        rewrite ^ /cli/monero-linux-x86-v0.13.0.2.tar.bz2 redirect;
    }

    location /linuxarm7 {
        rewrite ^ /cli/monero-linux-armv7-v0.13.0.2.tar.bz2 redirect;
    }

    location /linuxarm8 {
        rewrite ^ /cli/monero-linux-armv8-v0.13.0.2.tar.bz2 redirect;
    }

    location /freebsd64 {
        rewrite ^ /cli/monero-freebsd-x64-v0.13.0.2.tar.bz2 redirect;
    }

    location /dragonflybsd64 {
        rewrite ^ /cli/monero-dragonflybsd-x64-v0.13.0.2.tar.bz2 redirect;
    }

    # GUI downloads
    location /gui/win64 {
        rewrite ^ /gui/monero-gui-win-x64-v0.13.0.2.zip redirect;
    }

    location /gui/mac64 {
        rewrite ^ /gui/monero-gui-mac-x64-v0.13.0.2.tar.bz2 redirect;
    }

    location /gui/linux64 {
        rewrite ^ /gui/monero-gui-linux-x64-v0.13.0.2.tar.bz2 redirect;
    }

    location /gui/linux32 {
        rewrite ^ /gui/monero-gui-linux-x86-v0.13.0.2.tar.bz2 redirect;
    }

    # Other download redirects
    location /cli/win64 {
        rewrite ^ /win64 permanent;
    }

    location /cli/win32 {
        rewrite ^ /win32 permanent;
    }

    location /cli/mac64 {
        rewrite ^ /mac64 permanent;
    }

    location /cli/linux64 {
        rewrite ^ /linux64 permanent;
    }

    location /cli/linux32 {
        rewrite ^ /linux32 permanent;
    }

    location /cli/linuxarm7 {
        rewrite ^ /linuxarm7 permanent;
    }

    location /cli/linuxarm8 {
        rewrite ^ /linuxarm8 permanent;
    }

    location /cli/freebsd64 {
        rewrite ^ /freebsd64 permanent;
    }

    location /cli/dragonflybsd64 {
        rewrite ^ /dragonflybsd64 permanent;
    }

    location /win {
        rewrite ^ /win64 permanent;
    }

    location /mac {
        rewrite ^ /mac64 permanent;
    }

    location /linux {
        rewrite ^ /linux64 permanent;
    }

    location /freebsd {
        rewrite ^ /freebsd64 permanent;
    }

    location /dragonflybsd {
        rewrite ^ /dragonflybsd64 permanent;
    }

    location /arm {
        rewrite ^ /linuxarm7 permanent;
    }

    location /arm64 {
        rewrite ^ /linuxarm8 permanent;
    }

    location /arm7 {
        rewrite ^ /linuxarm7 permanent;
    }

    location /arm8 {
        rewrite ^ /linuxarm8 permanent;
    }

    location /monero.win.x64.latest.zip {
        rewrite ^ /win64 permanent;
    }

    location /monero.win.x32.latest.zip {
        rewrite ^ /win32 permanent;
    }

    location /monero.mac.x64.latest.tar.bz2 {
        rewrite ^ /mac64 permanent;
    }

    location /monero.linux.x64.latest.tar.bz2 {
        rewrite ^ /linux64 permanent;
    }

    location /monero.linux.x86.latest.tar.bz2 {
        rewrite ^ /linux86 permanent;
    }

    location /monero.linux.arm7.latest.tar.bz2 {
        rewrite ^ /linuxarm7 permanent;
    }

    location /monero.linux.arm8.latest.tar.bz2 {
        rewrite ^ /linuxarm8 permanent;
    }

    location /monero.freebsd.x64.latest.tar.bz2 {
        rewrite ^ /freebsd64 permanent;
    }

    location /monero.dragonflybsd.x64.latest.tar.bz2 {
        rewrite ^ /dragonflybsd64 permanent;
    }

    location / {
        try_files $uri $uri/ $uri.php $uri.htm $uri.html =404;
        index index.html index.htm index.php;
#    	post_action @download_complete;
    }

#    location @download_complete {
#	resolver 8.8.8.8;
#	proxy_pass http://statcounter.monero.cc/stat_counter.php?zz=yy&status=$request_completion&uri=$uri&remote_addr=$remote_addr&http_x_forwarded_for=$http_x_forwarded_for&body_bytes_sent=$body_bytes_sent&request_time=$request_time&scheme=$scheme&server_name=$server_name&http_user_agent=$http_user_agent;
#	internal;
#    }

    # Block for processing PHP files
    # Specifically matches URIs ending in .php
    location ~ \.php$ {
        try_files $uri =404;

        # Fix for server variables that behave differently under nginx/php-fpm than typically expected
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # Include the standard fastcgi_params file included with nginx
        include fastcgi_params;
        fastcgi_param  PATH_INFO        $fastcgi_path_info;
        fastcgi_index index.php;
        # Override the SCRIPT_FILENAME variable set by fastcgi_params
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        # Pass to upstream PHP-FPM; This must match whatever you name your upstream connection
        fastcgi_pass phpfpm;
    }

}