server {
        listen 80;
        listen [::]:80;
	listen 443 ssl; http2 on;

	if ($scheme != "https")
	{
		return 301 https://$host$request_uri;
	}

	root /var/www/r7-office/admin;
	index index.html;

	server_name admin.{domain};
	server_tokens off;

	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_certificate /etc/nginx/ssl/{domain}.crt;
	ssl_certificate_key /etc/nginx/ssl/{domain}.key;
	ssl_ciphers HIGH:!aNULL:!MD5;

	location /saml2 {
 	    proxy_set_header host $host;
	    proxy_set_header X-real-ip $remote_addr;
	    proxy_set_header X-forward-for $proxy_add_x_forwarded_for;
	    proxy_set_header X-Module Admin;
	    proxy_pass http://0.0.0.0:38034/saml2;
	}

	location /api {
	    proxy_set_header host $host;
	    proxy_set_header X-real-ip $remote_addr;
	    proxy_set_header X-forward-for $proxy_add_x_forwarded_for;
	    proxy_set_header X-Module Admin;
	    proxy_pass http://localhost:38033/api;
	}

	location /web-apps {
            proxy_pass http://0.0.0.0:8083/web-apps;
        }
	
	#location /source {
	#    proxy_pass http://cddisk.{domain}/source;
	#}

        location /docserver {
            rewrite /docserver/(.*) /$1  break;
            proxy_pass http://0.0.0.0:8083;
            proxy_redirect     off;
            proxy_set_header   Host $host;
	    proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
            proxy_set_header X-Forwarded-Proto $the_scheme;
            proxy_set_header Connection $proxy_connection;
            proxy_ssl_verify off;
        }
        location /cache {
            rewrite /docserver/cache/(.*) /$1  break;
            proxy_pass http://0.0.0.0:8083;
            proxy_redirect     off;
            proxy_set_header   Host $host;
	    proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
            proxy_set_header X-Forwarded-Proto $the_scheme;
            proxy_set_header Connection $proxy_connection;
            proxy_ssl_verify off;
        }

        location / {
                try_files $uri $uri/ /index.html;
        }
}
