# For maintenance
#location / {
#  autoindex off;
#  expires -1;
#  access_log off;
#  add_header Cache-Control "public";
#  proxy_set_header X-Real-IP $remote_addr;
#  root /home/pixelpla/pixelplace-redirect/wait;
#}

include /etc/nginx/includes/certbotroot.conf;

set $test 0;
if ($cloudflare_ip != 1) {
  return 404;
}
if ($http_cf_ipcountry = "UA") {
  set $test 1;
}
if ($deny_ws) {
  set $test 1;
}
if ($allow_ws) {
  set $test 0;
}

location / {
  limit_req zone=general burst=20 delay=10;
  proxy_set_header X-Real-IP $remote_addr;
  client_max_body_size 3M;
  proxy_pass http://$ppfun$request_uri;
}

location = / {
  proxy_no_cache 1;
  if ( $query_string ) { return 403; }
  limit_req zone=captcha burst=5;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
  proxy_set_header X-Forwarded-Host $host;
  proxy_pass http://$ppfun$request_uri;
}

# for matrix
location /.well-known/matrix/client {
  return 200 '{"m.homeserver": {"base_url": "https://matrix.pixelplanet.fun"}}';
  default_type application/json;
  add_header Access-Control-Allow-Origin *;
}

# for matrix delegations
location /.well-known/matrix/server {
  return 200 '{"m.server":"matrix.pixelplanet.fun:443"}';
  default_type application/json;
  add_header Access-Control-Allow-Origin *;
}

# block adminapi
location /adminapi {
  return 403 '{"errors": ["Not allowed from nginx"]}';
  default_type application/json;
}

location ~ ^/tiles/([0-9]+)/([0-9]+)/([0-9]+)/([0-9]+).webp$ {
  proxy_no_cache 1;
  expires $extile;
  add_header Cache-Control "public";
  add_header Access-Control-Allow-Origin *;
  root /home/pixelpla/pixelplanet/tiles;
  try_files /$1/$2/$3/$4.webp /$1/emptytile.webp =404; 
}

location /chunks {
  proxy_no_cache 1;
  if ( $query_string ) { return 404; }
  limit_req zone=chunks burst=400 delay=200;
  access_log off;
  proxy_pass http://$ppfun$request_uri;
}

location /ws {
  limit_req zone=websocket burst=5;
  if ($test) {
    return 403;
  }
  proxy_http_version 1.1;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
  proxy_set_header X-Forwarded-Host $host;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "Upgrade";
  proxy_pass http://$ppfun$request_uri;
}

location /captcha.svg {
  proxy_no_cache 1;
  limit_req zone=captcha burst=5;
  limit_req_status 429;
  if ($test) {
    return 403;
  }
  proxy_set_header X-Real-IP $remote_addr;
  proxy_pass http://$ppfun$request_uri;
}

location /reset_password {
  limit_req zone=authimp burst=3;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_pass http://$ppfun$request_uri;
}

location /mcws {
  proxy_no_cache 1;
  limit_req zone=websocket burst=5;
  proxy_http_version 1.1;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "Upgrade";
  proxy_pass http://$ppfun$request_uri;
}

location /api/auth {
  proxy_no_cache 1;
  if ($test) {
    return 403;
  }
  limit_req zone=websocket burst=5;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
  proxy_set_header X-Forwarded-Host $host;
  proxy_pass http://$ppfun$request_uri;
}

location /moderation {
  autoindex on;
  expires 15m;
  add_header Cache-Control "public";
  root /home/pixelpla/pixelplanet/log;
}