#server {
#    listen       80;
#    server_name  localhost;
#    location / {
#        proxy_pass   http://backend:8000;
#    }


# always redirect to https
server {
	listen 80 default_server;
	server_name _;
	return 301 https://$host$request_uri;
}

server {
	listen 443 ssl http2;
	# use the certificates
	ssl_certificate /etc/letsencrypt/live/oily.dad/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/oily.dad/privkey.pem;
	server_name oily.dad www.oily.dad;
	root /var/www/html;
	index index.php index.html index.htm;

	add_header Onion-Location http://oilydada7ckiseinkbeathsefwgkvjrce743xy7x7iiybkuxh4vheead.onion$request_uri;

	location / {
		proxy_pass http://backend:8000/;
	}
}

server {
	listen 443 ssl http2;
	# use the certificates
	ssl_certificate /etc/letsencrypt/live/oily.dad/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/oily.dad/privkey.pem;
	server_name gut.oily.dad;
	root /var/www/html;
	index index.php index.html index.htm;

	location / {
		client_max_body_size 512M;
	        #proxy_pass http://localhost:3000;
	        proxy_set_header Connection $http_connection;
        	proxy_set_header Upgrade $http_upgrade;
	        proxy_set_header Host $host;
	        proxy_set_header X-Real-IP $remote_addr;
	        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	        proxy_set_header X-Forwarded-Proto $scheme;
		proxy_pass http://gitea:3000/;
	}
}