server {
    listen [::]:80;
    listen 80;
    server_name notes.thenineworlds.net;

    location ^~ /.well-known {
        allow all;
        root /var/www/html;
    }

    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen [::]:8443 ssl proxy_protocol;
    listen  8443 ssl proxy_protocol;
    server_name notes.thenineworlds.net;

    ssl_certificate         /etc/letsencrypt/live/notes.thenineworlds.net/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/notes.thenineworlds.net/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/notes.thenineworlds.net/chain.pem;

    set_real_ip_from {{ services_all_services.rproxy.inet_address }};
    set_real_ip_from {{ services_all_services.rproxy.inet6_address }};

    set_real_ip_from {{ services_all_services.lrproxy.inet_address }};
    set_real_ip_from {{ services_all_services.lrproxy.inet6_address }};

    real_ip_header proxy_protocol;

    # Values copied from
    # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html and adjusted to
    # 16G.
    client_max_body_size 16G;
    client_body_timeout 3600s;
    client_body_buffer_size 512k;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://pod-notes:22300;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

}