limit_req_zone $binary_remote_addr zone=fivepersec:10m rate=5r/s;

# first we declare our upstream server, which is our Gunicorn application
upstream robosats_gunicorn_rest {
    # docker will automatically resolve this to the correct address
    # because we use the same name as the service: "robosats"
    server localhost:8000;
    
}

upstream robosats_daphne_websocket {
    # docker will automatically resolve this to the correct address
    # because we use the same name as the service: "robosats"
    server localhost:9000;
}

map $host $allowed_onion {
    default 0;
    "~*testraliar7xkhos2gipv2k65obykofb4jqzl5l4danfryacifi4t7qd\.onion" 1;  # Allows access for your coordinator onion address
}

# now we declare our main server
server {

    listen 80;
    server_name satstralia.com;
    large_client_header_buffers 4 64k;

    location /static {
        alias /usr/src/static;
    }

    location /.well-known {
        alias /usr/src/.well-known;
    }

    location / {
        # requests are passed to Gunicorn
        proxy_pass http://robosats_gunicorn_rest;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect off;
        # Replace with the onion hidden service of your coordinator
        add_header Onion-Location https://testraliar7xkhos2gipv2k65obykofb4jqzl5l4danfryacifi4t7qd.onion$request_uri;
        limit_req zone=fivepersec burst=10;
    }

    location /coordinator {
        # Denies any access by default
        set $allow_access 0;

        if ($allowed_onion = 1) {
            set $allow_access 1; # Allows access for your coordinator onion address
        }

        if ($allow_access = 0){
            return 403; # Access is forbidden if none of the above conditions are met.
        }

        proxy_pass http://robosats_gunicorn_rest;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect off;
        # Replace with the onion hidden service of your coordinator
        add_header Onion-Location https://testraliar7xkhos2gipv2k65obykofb4jqzl5l4danfryacifi4t7qd.onion$request_uri;

    }

    location /ws/ {
	    # websockets are passed to Daphne
        proxy_pass http://robosats_daphne_websocket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }

    location /nostr {
        proxy_pass http://127.0.0.1:7777;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }

    location = /favicon.ico { access_log off; log_not_found off; }

}