error_log /dev/stdout;

lua_shared_dict jasima_cache 20m;
lua_package_path "/opt/sitelen-tu/?.lua;;";

lua_shared_dict auto_ssl 1m;
lua_shared_dict auto_ssl_settings 64k;

resolver 127.0.0.11 valid=60 ipv6=off;

init_by_lua_block {
    auto_ssl = (require "resty.auto-ssl").new()
    auto_ssl:set("storage_adapter", "resty.auto-ssl.storage_adapters.redis")
    auto_ssl:set("redis", {
      host = "redis"
    })
    auto_ssl:set("allow_domain", function(domain)
        return domain == os.getenv("JASIMA_PROXY_HOST")
    end)
    auto_ssl:init()
}

init_worker_by_lua_block {
    auto_ssl:init_worker()
}

upstream origin {
    server 127.0.0.1;

    balancer_by_lua_file /opt/sitelen-tu/balancer.lua;
}

server {
    listen 443 ssl;
    server_name localhost default;

    ssl_certificate_by_lua_block {
        auto_ssl:ssl_certificate()
    }
    ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
    ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;

    location / {
        # These variables are set in the access_by_lua stage
        # TODO: These might be better to set with a set_by_lua_block
        set $jasima_host "fallback.invalid";
        set $jasima_host_header "fallback.invalid";
        set $jasima_host_ssl "fallback.invalid";

        access_by_lua_file /opt/sitelen-tu/access.lua;

        proxy_pass https://origin;
        proxy_ssl_server_name on;
        proxy_ssl_name $jasima_host_ssl;
        proxy_set_header Accept-Encoding "";
        proxy_set_header Host $jasima_host_header;

        sub_filter_once off;
        sub_filter_types text/html text/css text/xml application/javascript application/rss+xml application/atom+xml application/vnd.mpegurl application/x-mpegurl;
        sub_filter 'http://$jasima_host' '/';
        sub_filter 'https://$jasima_host' '/';
        sub_filter '//$jasima_host' '/';
        sub_filter 'REWRITE_JASIMA_HOST_PLACEHOLDER' $jasima_host;

        header_filter_by_lua_file /opt/sitelen-tu/header_filter.lua;
        body_filter_by_lua_file /opt/sitelen-tu/body_filter.lua;
    }
}

server {
    listen 80;
    location /.well-known/acme-challenge/ {
        content_by_lua_block {
            auto_ssl:challenge_server()
        }
    }
    location / {
        return 404;
    }
}

server {
    listen 127.0.0.1:8999;
    client_body_buffer_size 128k;
    client_max_body_size 128k;

    location / {
        content_by_lua_block {
            auto_ssl:hook_server()
        }
    }
}