server {
	root /usr/share/nginx/html;

	index index.html index.htm index.nginx-debian.html;
  server_name _; # managed by Certbot
  client_max_body_size 50M;

  location /auth {
    if ($request_method = OPTIONS) {
    add_header Access-Control-Allow-Origin $http_origin always;
    add_header Access-Control-Allow-Credentials true always;
    add_header Access-Control-Allow-Headers content-type,authorization always;
      return 200;
    }
    if ($host = admin.pena.digital) {
      proxy_pass http://admin-auth-service:8080;
    }
    if ($host != admin.pena.digital) {
      proxy_pass http://pena-auth-service:8080;
    }
    proxy_hide_header Access-Control-Allow-Origin;
    add_header Access-Control-Allow-Origin $http_origin always;
    add_header Access-Control-Allow-Credentials true always;
  }
  location /user/ {
    if ($request_method = OPTIONS) {
    add_header Access-Control-Allow-Origin $http_origin always;
    add_header Access-Control-Allow-Credentials true always;
    add_header Access-Control-Allow-Headers content-type,authorization always;
    add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE;
      return 200;
    }
    add_header Access-Control-Allow-Origin $http_origin always;
    add_header Access-Control-Allow-Credentials true always;
    add_header Access-Control-Allow-Headers content-type,authorization always;
    add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE;
    proxy_pass http://pena-auth-service:8080;
  }

  location /swagger/ {
    proxy_pass http://pena-auth-service:8080/;
  }
  location /cookie {
    add_header Access-Control-Allow-Origin $http_origin;
    add_header Access-Control-Allow-Credentials true;
    add_header Set-Cookie "test=sameshit;SameSite=None;HttpOnly;Secure;";
    return 200;
  }

  location /heruvym/ {
    add_header Access-Control-Allow-Origin $http_origin always;
    add_header Access-Control-Allow-Credentials true always;
    add_header Access-Control-Allow-Headers content-type,authorization,sess always;
    add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE;
    proxy_set_header Referer $host;
    proxy_set_header Origin $http_origin;
    proxy_set_header Connection '';
    proxy_http_version 1.1;
    chunked_transfer_encoding off;
    proxy_buffering off;
    proxy_cache off;
    proxy_pass https://10.6.0.11:1488/;
  }

  location /strator/ {
    if ($request_method = OPTIONS) {
    add_header Access-Control-Allow-Origin $http_origin always;
    add_header Access-Control-Allow-Credentials true always;
    add_header Access-Control-Allow-Headers content-type,authorization always;
    add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE;
      return 200;
    }
    add_header Access-Control-Allow-Origin $http_origin always;
    add_header Access-Control-Allow-Credentials true always;
    add_header Access-Control-Allow-Headers content-type,authorization always;
    add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE;
    proxy_pass http://hub-admin-backend-service:8005/;
  }

  location /customer/ {
    if ($request_method = OPTIONS) {
    add_header Access-Control-Allow-Origin $http_origin always;
    add_header Access-Control-Allow-Credentials true always;
    add_header Access-Control-Allow-Headers content-type,authorization always;
    add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE;
      return 200;
    }
    add_header Access-Control-Allow-Origin $http_origin always;
    add_header Access-Control-Allow-Credentials true always;
    add_header Access-Control-Allow-Headers content-type,authorization always;
    add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE;
    proxy_pass http://customer-service-staging:8065/;
  }

  location /price/ {
    if ($request_method = OPTIONS) {
    add_header Access-Control-Allow-Origin $http_origin always;
    add_header Access-Control-Allow-Credentials true always;
    add_header Access-Control-Allow-Headers content-type,authorization always;
    add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE;
      return 200;
    }
    add_header Access-Control-Allow-Origin $http_origin always;
    add_header Access-Control-Allow-Credentials true always;
    add_header Access-Control-Allow-Headers content-type,authorization always;
    add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE;
    proxy_pass http://10.6.0.11:8001/;
  }
  location /feedback/ {
    if ($request_method = OPTIONS) {
    add_header Access-Control-Allow-Origin $http_origin always;
    add_header Access-Control-Allow-Credentials true always;
    add_header Access-Control-Allow-Headers content-type always;
      return 200;
    }
    add_header Access-Control-Allow-Origin $http_origin always;
    add_header Access-Control-Allow-Credentials true always;
    add_header Access-Control-Allow-Headers content-type always;
    proxy_set_header Host $host;
    proxy_pass http://10.6.0.31:8006/;
  }
  location /verification1 {
    if ($request_method = OPTIONS) {
    add_header Access-Control-Allow-Origin $http_origin always;
    add_header Access-Control-Allow-Credentials true always;
    add_header Access-Control-Allow-Headers content-type always;
    add_header Access-Control-Allow-Methods GET;

      return 200;
    }
    add_header Access-Control-Allow-Origin $http_origin always;
    add_header Access-Control-Allow-Credentials true always;
    add_header Access-Control-Allow-Headers content-type always;
    add_header Access-Control-Allow-Methods GET;
    chunked_transfer_encoding off;
    proxy_buffering off;
    proxy_cache off;
    proxy_pass https://storage.yandexcloud.net;
  }
  location /verification/ {
    if ($request_method = OPTIONS) {
    add_header Access-Control-Allow-Origin $http_origin always;
    add_header Access-Control-Allow-Credentials true always;
    add_header Access-Control-Allow-Headers content-type,authorization always;
    add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE;
      return 200;
    }
    add_header Access-Control-Allow-Origin $http_origin always;
    add_header Access-Control-Allow-Credentials true always;
    add_header Access-Control-Allow-Headers content-type,authorization always;
    add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE;
    proxy_set_header Referer $host;
    proxy_set_header Origin $http_origin;
    proxy_set_header Connection '';
    proxy_http_version 1.1;
    chunked_transfer_encoding off;
    proxy_buffering off;
    proxy_cache off;
    proxy_pass http://10.6.0.31:7035/;
  }

  location / {
    if ($host = hub.pena.digital) {
        proxy_pass http://hub;
    }
    if ($host = docs.pena.digital) {
        proxy_pass http://docs;
    }
    if ($host = admin.pena.digital) {
        proxy_pass http://admin_front;
    }
    if ($host = services.pena.digital) {
        proxy_pass http://services;
    }
    if ($host = links.pena.digital) {
        proxy_pass http://dwarfener;
    }
    if ($host = oauth.pena.digital) {
        proxy_pass http://pena-social-auth-service:8000;
    }
    if ($host = squiz.pena.digital) {
        proxy_pass http://squiz;
    }
	}

  listen [::]:443 ssl ipv6only=on; # managed by Certbot
  listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/nginx/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/nginx/privkey.pem; # managed by Certbot

}
server {
	listen 80 ;
	listen [::]:80 ;
  server_name _;
  return 301 https://$host$request_uri;
}