# c[e4]?.ppy.sh is used for bancho
# osu.ppy.sh is used for /web, /api, etc.
# a.ppy.sh is used for osu! avatars

upstream bancho {
    server 127.0.0.1:${APP_PORT};
}

server {
	listen 443 ssl;
	server_name c.${DOMAIN} ce.${DOMAIN} c4.${DOMAIN} osu.${DOMAIN} b.${DOMAIN} api.${DOMAIN};
	client_max_body_size 20M;

	ssl_certificate     ${SSL_CERT_PATH};
	ssl_certificate_key ${SSL_KEY_PATH};
	ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:@SECLEVEL=1";

	location / {
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Real-IP  $remote_addr;
		proxy_set_header Host $http_host;
		add_header Access-Control-Allow-Origin *;
		proxy_redirect off;
		proxy_pass http://bancho;
	}
}

server {
	listen 443 ssl;
	server_name assets.${DOMAIN};

	ssl_certificate     ${SSL_CERT_PATH};
	ssl_certificate_key ${SSL_KEY_PATH};
	ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:@SECLEVEL=1";

	location / {
		default_type image/png;
		root ${DATA_DIRECTORY}/assets;
	}
}

server {
	listen 443 ssl;
	server_name a.${DOMAIN};

	ssl_certificate     ${SSL_CERT_PATH};
	ssl_certificate_key ${SSL_KEY_PATH};
	ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:@SECLEVEL=1";

	location / {
		root ${DATA_DIRECTORY}/avatars;
		try_files $uri $uri.png $uri.jpg $uri.gif $uri.jpeg $uri.jfif /default.jpg = 404;
	}
}