# You may add here your
# server {
#	...
# }
# statements for each of your virtual hosts to this file

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

upload_progress fwupdate 1M;

server {
	#listen   80; ## listen for ipv4; this line is default and implied
	#listen   [::]:80 default_server ipv6only=on; ## listen for ipv6

	root /var/www;

	gzip on;
	gzip_comp_level 6;
	gzip_buffers 16 8k;
	gzip_min_length 1200;
	gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/font-woff image/svg+xml;

	# Make site accessible from http://localhost/
	server_name localhost;

	location / {
		index index.html;
		try_files $uri $uri/ /index.html;
                auth_basic "Restricted Content";
                auth_basic_user_file /etc/nginx/.htpasswd;
              #  return 200 '{hello}';
              #  proxy_set_header Authorization "";
              #  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              #  proxy_set_header X-Forwarded-Proto $scheme;
              #  proxy_set_header X-Real-IP $remote_addr;
              #  proxy_set_header Host $http_host;
              #  proxy_pass http://127.0.0.1:2246; 
		add_header Cache-Control "no-store, no-cache, must-revalidate";
	}

	location ~* \.(js|jpg|jpeg|gif|png|svg|css)$ {
		add_header Cache-Control "max-age=31536000";
	}

    location /api/check {

        limit_except GET {
            deny all;
        }

        fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/check.sh;
        fastcgi_param HTTP_SCHEME $scheme;
        fastcgi_param SCRIPT_NAME check.sh;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_param REQUEST_METHOD $request_method;
        fastcgi_param CONTENT_TYPE $content_type;
        fastcgi_param CONTENT_LENGTH $content_length;
        fastcgi_param REQUEST_URI $request_uri;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;

    }

    location /fwupdate/download/rootfs {

        limit_except GET {
            deny all;
        }

        fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/download_rootfs.sh;
        fastcgi_param SCRIPT_NAME download_rootfs.sh;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_param REQUEST_METHOD $request_method;
        fastcgi_param CONTENT_TYPE $content_type;
        fastcgi_param CONTENT_LENGTH $content_length;
        fastcgi_param REQUEST_URI $request_uri;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
        fastcgi_request_buffering off;  # to allow stream-downloading via backend

    }

    location /fwupdate/download/configs {

        limit_except GET {
            deny all;
        }

        fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/download_configs.sh;
        fastcgi_param SCRIPT_NAME download_configs.sh;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_param REQUEST_METHOD $request_method;
        fastcgi_param CONTENT_TYPE $content_type;
        fastcgi_param CONTENT_LENGTH $content_length;
        fastcgi_param REQUEST_URI $request_uri;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
        fastcgi_request_buffering off;  # to allow stream-downloading via backend

    }

    location /fwupdate/download/everything {

        limit_except GET {
            deny all;
        }

        fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/download_everything.sh;
        fastcgi_param SCRIPT_NAME download_everything.sh;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_param REQUEST_METHOD $request_method;
        fastcgi_param CONTENT_TYPE $content_type;
        fastcgi_param CONTENT_LENGTH $content_length;
        fastcgi_param REQUEST_URI $request_uri;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
        fastcgi_request_buffering off;  # to allow stream-downloading via backend

    }

	location /fwupdate/upload {
		limit_except POST {
			deny all;
		}
		client_body_buffer_size 128K;
		client_max_body_size 1000M;

		gzip off;

		fastcgi_param UPLOADS_DIR /var/www/uploads;
		fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/fwupdate_upload.py;
		fastcgi_param SCRIPT_NAME fwupdate_upload.py;
		fastcgi_param QUERY_STRING $query_string;
		fastcgi_param REQUEST_METHOD $request_method;
		fastcgi_param CONTENT_TYPE $content_type;
		fastcgi_param CONTENT_LENGTH $content_length;
		fastcgi_param REQUEST_URI $request_uri;
		fastcgi_pass unix:/var/run/fcgiwrap.socket;
		fastcgi_request_buffering off;  # to allow stream-downloading via backend

		track_uploads fwupdate 5s;
	}

	location /fwupdate/factoryreset {
		limit_except POST {
			deny all;
		}
		gzip off;

		fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/factory_reset.py;
		fastcgi_param SCRIPT_NAME factory_reset.py;
		fastcgi_param QUERY_STRING $query_string;
		fastcgi_param REQUEST_METHOD $request_method;
		fastcgi_param CONTENT_TYPE $content_type;
		fastcgi_param CONTENT_LENGTH $content_length;
		fastcgi_param REQUEST_URI $request_uri;
		fastcgi_pass unix:/var/run/fcgiwrap.socket;
	}

	location /fwupdate/progress {
		report_uploads fwupdate;
	}

	location /mqtt {
	    proxy_pass http://127.0.0.1:18883;
	    proxy_http_version 1.1;
	    proxy_set_header Upgrade $http_upgrade;
	    proxy_set_header Connection upgrade;
	}
}