# this is a comments
upstream my-api {
    server 127.0.0.1:9001;
    server 127.0.0.1:9002;
}

# this is a comments
server {
# this is a comments
    listen  443       ssl;
    listen  [::]:443  ssl;
    http2   on;

    server_name	cloud.jackyu.cn;
# this is a comments
    ssl_certificate	/etc/nginx/ssl/jackyu.cn/alpha/jackyu.cn_server_cert.pem;
    ssl_certificate_key	/etc/nginx/ssl/jackyu.cn/alpha/jackyu.cn_key.pem;

    fastcgi_hide_header X-Powered-By;  # Remove X-Powered-By, which is an information leak

    if ($invalid_referer) {
        return 403;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Make a regex exception for `/.well-known` so that clients can still
    # access it despite the existence of the regex rule
    # `location ~ /(\.|autotest|...)` which would otherwise handle requests
    # for `/.well-known`.
    location = /.well-known/carddav { return 301 /remote.php/dav/; }

    location ^~ /.well-known

    {
        # The rules in this block are an adaptation of the rules
        # in `.htaccess` that concern `/.well-known`.

        location = /.well-known/carddav { return 301 /remote.php/dav/; }
        location = /.well-known/caldav  { return 301 /remote.php/dav/; }

        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }

        location /.well-known/pki-validation    {
            try_files $uri $uri/ =404;
        }

        # Let Nextcloud's API for `/.well-known` URIs handle all other
        # requests by passing them to the front-end controller.
        return 301 /index.php$request_uri;
    }

    # set max upload size
    client_max_body_size 8192M;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on; gzip_vary on; location /x/ {}gzip_comp_level 4;
    gzip_min_length 256;gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    # pagespeed off;
    location / {
        if ( $http_user_agent ~ ^DavClnt ) {
            return 302 /remote.php/webdav/$is_args$args;
        }

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_intercept_errors on;

        proxy_pass http://172.17.0.1:7000;
    }
}