upstream krdsh_git {
    server 127.0.0.1:3000;
}
upstream krdsh_ci {
    server 127.0.0.1:8000;
}
upstream krdsh_ci_grpc {
    server 127.0.0.1:9000;
}

proxy_cache_path
    /var/cache/angie/proxy/krdsh-git
    keys_zone=krdsh_cache_git:10m
    levels=1:2 inactive=1h;

proxy_cache_path
    /var/cache/angie/proxy/krdsh-ci
    keys_zone=krdsh_cache_ci:10m
    levels=1:2 inactive=1h;

server {
    server_name git.krd.sh ci.krd.sh;

    include snip.d/listen-http;

    access_log off;
    log_not_found off;

    root /var/www/empty;

    include snip.d/https-alt-svc;
    include snip.d/http-security-headers;

    keepalive_timeout 0;

    include snip.d/empty-favicon;

    location / {
        return 301 https://$host$uri$is_args$args;
    }
}

server {
    server_name git.krd.sh;

    include snip.d/listen-https;
    include snip.d/ssl-krd.sh;

    access_log off;
    log_not_found off;

    root /var/www/empty;

    include snip.d/http-security-headers;

    include snip.d/proxy-common-headers;
    include snip.d/proxy-accept-encoding;
    include snip.d/proxy-connection-keepalive;
    include snip.d/proxy-early-data;

    proxy_redirect  ~*^http://(ci|git)\.krd\.sh(?:|:[0-9]+)/(.*)$  https://$1.krd.sh/$2;

    location / {
        proxy_pass http://krdsh_git;
        ## quirks
        client_max_body_size 512M;
        chunked_transfer_encoding off;
    }

    location @precache {
        proxy_pass http://krdsh_git;

        proxy_cache krdsh_cache_git;
        proxy_cache_key $uri;
        proxy_cache_valid 200 1h;
        proxy_cache_valid 30s;
        proxy_ignore_client_abort on;

        proxy_ignore_headers Cache-Control;
        proxy_hide_header Cache-Control;
        expires 2h;

        ## quirks
        chunked_transfer_encoding off;
        proxy_method GET;
        proxy_buffering on;
        proxy_temp_file_write_size 4m;
    }

    location /assets/ {
        try_files /.non-existent-uri @precache;
        # proxy_pass http://krdsh_git;
    }
}

server {
    server_name ci.krd.sh;

    include snip.d/listen-https;
    include snip.d/ssl-krd.sh;

    access_log off;
    log_not_found off;

    root /var/www/empty;

    include snip.d/http-security-headers;

    include snip.d/proxy-common-headers;
    include snip.d/proxy-accept-encoding;
    include snip.d/proxy-connection-keepalive;
    include snip.d/proxy-early-data;

    proxy_redirect  ~*^http://(ci|git)\.krd\.sh(?:|:[0-9]+)/(.*)$  https://$1.krd.sh/$2;

    location / {
        proxy_pass http://krdsh_ci;
        ## quirks
        chunked_transfer_encoding off;
        client_max_body_size 16M;
        proxy_buffering off;
    }

    location @precache {
        proxy_pass http://krdsh_ci;

        proxy_cache krdsh_cache_ci;
        proxy_cache_key $uri;
        proxy_cache_valid 200 1h;
        proxy_cache_valid 30s;
        proxy_ignore_client_abort on;

        proxy_ignore_headers Cache-Control;
        proxy_hide_header Cache-Control;
        expires 2h;

        ## quirks
        chunked_transfer_encoding off;
        proxy_method GET;
        proxy_buffering on;
        proxy_temp_file_write_size 4m;
    }

    location /assets/ {
        try_files /.non-existent-uri @precache;
        # proxy_pass http://krdsh_ci;
    }
}

server {
    server_name ci.krd.sh;

    include snip.d/listen-grpcs;
    include snip.d/ssl-krd.sh;

    access_log off;
    log_not_found off;

    root /var/www/empty;

    include snip.d/http-security-headers;

    include snip.d/grpc-accept-encoding;

    location / {
        grpc_pass grpc://krdsh_ci_grpc;
    }
}