##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
	listen 80 default_server;
	listen 443 ssl;
	ssl_certificate /etc/letsencrypt/live/eric.openfest.org/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/eric.openfest.org/privkey.pem;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers HIGH:!aNULL:!MD5;
	listen [::]:80 default_server;

	# SSL configuration
	#
	# listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;
	
	if ($scheme = http) {
		return 301 https://eric.openfest.org$request_uri;
	}	
	root /var/www/html;

	# Add index.php to the list if you are using PHP
	index index.html index.htm index.nginx-debian.html;

	server_name _;

	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		try_files $uri $uri/ =404;
	}

	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	#
	#location ~ \.php$ {
	#	include snippets/fastcgi-php.conf;
	#
	#	# With php5-cgi alone:
	#	fastcgi_pass 127.0.0.1:9000;
	#	# With php5-fpm:
	#	fastcgi_pass unix:/var/run/php5-fpm.sock;
	#}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	#location ~ /\.ht {
	#	deny all;
	#}

	location /of2018status {
		stub_status on;
		access_log off;
	}

#	# disable graphite as it does not work ok with tessera in subdirectory
#	# serve static content via nginx and not uwsgi
#	location /content/ {
#		alias /opt/graphite/webapp/content/;
#	}
#
#	# fix the django/graphite bug for admin
#	# and serve via nginx
#	rewrite ^/admin(.*)admin/([^/]+)/([^/]+)\$ /media/\$2/\$3 redirect;
#	location /media/ {
#		alias /usr/local/lib/python2.7/dist-packages/django/contrib/admin/static/admin/;
#	}
#
#	# finally pass everything to uwsgi
#	location ~* ^/(graphite|metrics|dashboard|render|browser|composer) {
#		add_header Access-Control-Allow-Origin $http_origin;
#		include uwsgi_params;
#		uwsgi_pass 127.0.0.1:3031;
#	}

	# proxy nagios
	location = /nagios3 {
		return 301 /nagios3/index.php;
	}
	location = /nagios3/ {
		return 301 /nagios3/index.php;
	}

	location /nagios3/ {
		try_files $uri $uri/ =404;
		auth_basic "Nagios";
		auth_basic_user_file /etc/nagios3/htpasswd.users;

		rewrite ^/nagios3/(.*) /$1 break;

		root /usr/share/nagios3/htdocs;

		index index.php;
	}

        location /nagios3/stylesheets {
		auth_basic "Nagios";
		auth_basic_user_file /etc/nagios3/htpasswd.users;

                alias /etc/nagios3/stylesheets/;
        }

	location ~ ^/nagios3/.*\.php$ {
        	auth_basic "Nagios";
		auth_basic_user_file /etc/nagios3/htpasswd.users;

		root /usr/share/nagios3/htdocs;
		rewrite ^/nagios3/(.*) /$1 break;
		fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
		fastcgi_param  QUERY_STRING       $query_string;
		fastcgi_param  REQUEST_METHOD     $request_method;
		fastcgi_param  CONTENT_TYPE       $content_type;
		fastcgi_param  CONTENT_LENGTH     $content_length;

		fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
		fastcgi_param  REQUEST_URI        $request_uri;
		fastcgi_param  DOCUMENT_URI       $document_uri;
		fastcgi_param  DOCUMENT_ROOT      $document_root;
		fastcgi_param  SERVER_PROTOCOL    $server_protocol;
		fastcgi_param  HTTPS              $https if_not_empty;

		fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
		fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

		fastcgi_param  REMOTE_ADDR        $remote_addr;
		fastcgi_param  REMOTE_PORT        $remote_port;
		fastcgi_param  SERVER_ADDR        $server_addr;
		fastcgi_param  SERVER_PORT        $server_port;
		fastcgi_param  SERVER_NAME        $server_name;

		# PHP only, required if PHP was built with --enable-force-cgi-redirect
		fastcgi_param  REDIRECT_STATUS    200;
		fastcgi_param HTTP_PROXY "";

		fastcgi_pass php-fpm-www-pool;
	}

	location /cgi-bin/nagios3 {
		auth_basic "Nagios";
		auth_basic_user_file /etc/nagios3/htpasswd.users;
		#proxy_pass http://localhost:8081/cgi-bin/nagios3;
	}

        location ~ \.cgi$ {
        	auth_basic "Nagios";
		auth_basic_user_file /etc/nagios3/htpasswd.users;

                root /usr/lib/cgi-bin/nagios3;
                
                rewrite ^/cgi-bin/nagios3/(.*)$ /$1;
                
                include /etc/nginx/fastcgi_params;
                
                fastcgi_param AUTH_USER $remote_user;
                fastcgi_param REMOTE_USER $remote_user;
                fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/nagios3$fastcgi_script_name;
                
                fastcgi_pass fcgiwrap;
        }

	location /grafana/ {
		proxy_pass http://localhost:3000/;
		proxy_set_header   Host $host;
	}
}