server {
    client_max_body_size 64M;

    listen 80;
    server_name {{ domain_poste }};

    location ^~ /.well-known/acme-challenge/ {
        proxy_pass http://0.0.0.0:3003;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        default_type "text/plain";
        allow all;
    }
}

server {
    client_max_body_size 64M;
    #large_client_header_buffers 4 16k;

    listen 443 ssl http2;

    server_name {{ domain_poste }};

    ssl_certificate /etc/nginx/placeholder.crt;
    ssl_certificate_key /etc/nginx/placeholder.key;

    #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    
    #auth_basic "Restricted Content";
    #auth_basic_user_file letsbe-htpasswd;
    
    location / {
        proxy_pass https://0.0.0.0:3004;
        proxy_buffering off;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-IP $http_cf_connecting_ip;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        #proxy_buffers 16 4k;
        #proxy_buffer_size 2k;
    }

    location ^~ /.well-known/acme-challenge/ {
        proxy_pass http://0.0.0.0:3003;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        default_type "text/plain";
        allow all;
        
    }
}