# Create a map of known attack locations
map $request_uri $block_uri {
    default 0;
    ~*/wp-.* 1;
    ~*\.env 1;
    /etc 1;
}

# m5p3nc3r webserver
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name m5p3nc3r.co.uk www.m5p3nc3r.co.uk;

    ssl_certificate /etc/letsencrypt/live/m5p3nc3r.co.uk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/m5p3nc3r.co.uk/privkey.pem;

    if ($block_uri = 1) {
        return 403;
    }

    location / {
        proxy_pass http://rpi4-2:3000;
    }
}

# gitea.m5p3nc3r webserver
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name gitea.m5p3nc3r.co.uk;

    ssl_certificate /etc/letsencrypt/live/m5p3nc3r.co.uk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/m5p3nc3r.co.uk/privkey.pem;

    # if ($block_uri = 1) {
    #     return 403;
    # }

    location / {
        proxy_pass http://rpi5-2:3000;
    }
}

# apptabulous webserver
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name apptabulous.co.uk www.apptabulous.co.uk;

    ssl_certificate /etc/letsencrypt/live/apptabulous.co.uk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/apptabulous.co.uk/privkey.pem;

    if ($block_uri = 1) {
        return 403;
    }

    location / {
        proxy_pass http://rpi4-2:3001;
    }
}

# Container registry
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name hub.apptabulous.co.uk;

    ssl_certificate /etc/letsencrypt/live/apptabulous.co.uk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/apptabulous.co.uk/privkey.pem;

    # disable any limits to avoid HTTP 413 for large image uploads
    client_max_body_size 0;
    
    # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
    chunked_transfer_encoding on;

    location / {
        proxy_pass http://rpi4-2:5000;
    }
}

# Watchtower
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name watchtower.apptabulous.co.uk;

    ssl_certificate /etc/letsencrypt/live/apptabulous.co.uk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/apptabulous.co.uk/privkey.pem;

    location / {
        proxy_pass http://rpi4-2:8080;
    }
}