server {
	listen 80 default_server;

	location /security.txt {
		return 301 https://{{ domain_name_pim }}/.well-known/security.txt;
	}

	location /.well-known/security.txt {
		return 301 https://{{ domain_name_pim }}/.well-known/security.txt;
	}
}

server {
    # For the federation port
    listen 8448 http2 default_server;
    listen [::]:8448 http2 default_server;

    server_name matrix.pim.kunis.nl;

    location ~ ^(/_matrix|/_synapse/client) {
        # note: do not add a path (even a single /) after the port in `proxy_pass`,
        # otherwise nginx will canonicalise the URI and cause signature verification
        # errors.
        proxy_pass http://host.docker.internal:{{ internal_matrix_port }};
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;

        # Nginx by default only allows file uploads up to 1M in size
        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
        client_max_body_size 50M;
	
	# Synapse responses may be chunked, which is an HTTP/1.1 feature.
	proxy_http_version 1.1;
    }
}

server {
	listen 80;
	server_name {{ domain_name_pim }};
	index index.html index.htm;
	root /var/www/blog;

	location /security.txt {
		return 301 https://$host/.well-known/security.txt;
	}

	location /.well-known/security.txt {
		add_header Content-Type 'text/plain';
		add_header Cache-Control 'no-cache, no-store, must-revalidate';
		add_header Pragma 'no-cache';
		add_header Expires '0';
		add_header Vary '*';
		return 200 "Contact: mailto:pim@kunis.nl\nExpires: 1970-01-01T00:00:00.000Z\nPreferred-Languages: en,nl\n";
	}

	location / {
	    try_files $uri $uri/ /index.html;
	}

	location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
	    expires 30d;
	    add_header Pragma public;
	    add_header Cache-Control "public";
	}

	error_page 404 /404.html;
}