worker_processes 4;


events {
  worker_connections 1024;
}

http {
  
  # Configuration containing list of application servers
  upstream app_servers {

    server ctfd:8000;
  }

  server {
    # Unable to find a host match, enter here
    listen 80 default_server;
    return 444; # Malformed request, send back nginx custom return code
  }

  server {
    listen 8443 ssl;
    client_max_body_size 4G;

    ssl_certificate /etc/ssl/ctfd.crt;
    ssl_certificate_key /etc/ssl/ctfd.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    # Handle Server Sent Events for Notifications
    location /events {

      proxy_pass http://app_servers;
      proxy_redirect off;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Host $host;
    }

    # Proxy connections to the application servers
    location / {

      proxy_pass http://app_servers;
      proxy_redirect off;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Host $host;
    }
  }

  # Redirect all HTTP requests to HTTPS
  server {
    listen 80;
    return 301 https://$hostname$request_uri;
  }
}