# Backend pool for the Kowl UI. Both proxy_pass directives in the HTTPS vhost
# refer to this group by name ("http://kowl").
# The hop from nginx to this address is plain HTTP, so TLS ends at the proxy.
upstream kowl {
  # single backend, addressed by IP and port
  server 172.20.24.171:8080;
}

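server {
  listen 80;
  server_name kowl.prd.eveus.com;

  # Plain HTTP serves no content: every request gets a permanent redirect to
  # the HTTPS vhost. `return` replaces the catch-all `rewrite`, so no regex is
  # evaluated per request, and $request_uri keeps the path and query string
  # exactly as the client sent them.
  # The redirect target is the configured server_name rather than $host, so a
  # client-supplied Host header is never reflected into the Location header.
  location / {
    return 301 https://$server_name$request_uri;
  }
}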

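# HTTPS vhost: terminates TLS and reverse-proxies everything to the "kowl"
# upstream over plain HTTP.
server {
  listen 443 ssl;
  server_name kowl.prd.eveus.com;

  # Certificate chain and private key. The directory name suggests a wildcard
  # certificate shared with other vhosts, so this key protects more than this
  # one site. Keep privkey.pem readable only by the nginx master process user.
  ssl_certificate      /etc/nginx/keys/wild.eveus.com/fullchain.pem;
  ssl_certificate_key  /etc/nginx/keys/wild.eveus.com/privkey.pem;

  # enable OCSP stapling
  # NOTE(review): stapling only works when nginx can resolve the OCSP responder
  # hostname (a `resolver` directive), and ssl_stapling_verify needs the issuer
  # chain configured as trusted (`ssl_trusted_certificate`). Neither directive
  # is visible in this file. Confirm they are set at http level; if they are
  # not, nginx logs a warning and serves no stapled response.
  ssl_stapling on;
  ssl_stapling_verify on;

  # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
  ssl_protocols  TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers   on;
  # TLS 1.2 suites: forward-secret ECDHE key exchange with AEAD ciphers only.
  # The previous list also named RC4, 3DES, CBC-mode and static-RSA suites.
  # Its DH+ entries were already cancelled by its own "!EDH", so no DHE suites
  # are offered here either, and no ssl_dhparam is configured.
  # TLS 1.3 suites are not controlled by this directive.
  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;

  # NOTE(review): the port-80 vhost already forces HTTPS, but no
  # Strict-Transport-Security header is sent, so a browser's first plain-HTTP
  # request can still be intercepted. Consider adding HSTS once it is confirmed
  # that this host is reachable over HTTPS only.

  # Message endpoint, proxied with HTTP/1.1 and the Upgrade/Connection headers
  # so that a protocol upgrade (presumably WebSocket; confirm against the
  # application) can pass through the proxy.
  # The regex has no leading "^", so it matches any URI that ends in
  # /api/topics/<anything>/messages. The capture group is not used.
  location ~ /api/topics/(.*)/messages$ {
    proxy_pass                              http://kowl;
    proxy_set_header Host               $host;
    # $remote_addr is the TCP peer address seen by nginx. Unlike the leading
    # entries of X-Forwarded-For, the client cannot forge it.
    proxy_set_header X-Real-IP          $remote_addr;
    # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client
    # sent. The upstream should trust only the last entry.
    proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
    # Same forwarding headers as "location /", so the upstream sees the
    # original scheme and peer address on this path too.
    proxy_set_header X-Forwarded-Proto  $scheme;

    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    # Sent unconditionally, even when the client did not ask for an upgrade.
    proxy_set_header Connection "upgrade";
  }

  location / {
    # Removes the request-body size limit (0 = unlimited) to avoid HTTP 413.
    # NOTE(review): the original comment mentions "large image uploads" and the
    # next one cites a docker issue, so both settings look copied from a
    # container-registry config. An unlimited body size lets any client stream
    # arbitrarily large requests through the proxy. Confirm that Kowl needs
    # this, and otherwise set a finite limit.
    client_max_body_size 0;

    # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
    chunked_transfer_encoding on;

    proxy_pass http://kowl;
    # NOTE(review): $a..$z are not defined anywhere in this file. They must come
    # from elsewhere (for example `map` blocks at http level), or `nginx -t`
    # rejects the config. No ssl_verify_client is set in this server block, so
    # unless it is inherited from http level no client certificate is requested
    # and this header is forwarded empty. Confirm that the upstream does not
    # treat this header as proof of client identity.
    proxy_set_header SSL_CLIENT_CERT $a$b$c$d$e$f$g$h$i$j$k$l$m$n$o$p$q$r$s$t$u$v$w$x$y$z;
    proxy_set_header Host               $host;
    proxy_set_header X-Real-IP          $remote_addr;
    # Appends to any client-supplied X-Forwarded-For value. Only the last entry
    # is set by this proxy.
    proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto  $scheme;

    # NOTE(review): basic auth is commented out, so this proxy applies no
    # authentication in front of the upstream. Confirm that Kowl enforces its
    # own login, or that network-level access to this vhost is restricted.
    #proxy_set_header Authorization          "";
    #auth_basic "Access Eveus";
    #auth_basic_user_file /etc/nginx/keys/htpasswd;
  }
}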