server {
    listen 80;
    server_name triton2.fet.at *.triton2.fet.at www.triton2.fet.at triton2.local;

    include snippets/letsencrypt.conf;
}
server {
    listen 80;
    server_name portainer.triton20.fet.at;

    include snippets/letsencrypt.conf;
}

server {
    listen 443 ssl http2;
    server_name portainer.triton2.fet.at www.portainer.triton2.fet.at;

    ssl_certificate /etc/letsencrypt/live/triton2.fet.at-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/triton2.fet.at-0001/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/triton2.fet.at-0001/chain.pem;
    include snippets/ssl.conf;
    
    location / {

        proxy_pass http://rancher:9000;
	
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "";

        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Upstream $upstream_addr;

    }
    location /api/websocket/ {
        set $upstream_endpoint http://rancher:9000;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Upstream $upstream_addr;
        proxy_http_version 1.1;
        proxy_pass $upstream_endpoint;
        proxy_redirect http://rancher:9000 $scheme://$host/;
    }   
}
server {
    listen 443 ssl http2;
    server_name portainer.triton20.fet.at www.portainer.triton20.fet.at;

    ssl_certificate /etc/letsencrypt/live/triton2.fet.at-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/triton2.fet.at-0001/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/triton2.fet.at-0001/chain.pem;
    include snippets/ssl.conf;
    
    location / {

        proxy_pass http://triton20:9000;
	
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "";

        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Upstream $upstream_addr;

    }
    location /api/websocket/ {
        set $upstream_endpoint http://triton20:9000;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Upstream $upstream_addr;
        proxy_http_version 1.1;
        proxy_pass $upstream_endpoint;
        proxy_redirect http://triton20:9000 $scheme://$host/;
    }   
}

server {
    listen 443 ssl http2;
    server_name www.triton2.fet.at *.triton2.fet.at triton2.fet.at;

    ssl_certificate /etc/letsencrypt/live/triton2.fet.at-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/triton2.fet.at-0001/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/triton2.fet.at-0001/chain.pem;
    include snippets/ssl.conf;

    client_max_body_size 1000M;
    location /dev {
    include snippets/ldap.conf;
    proxy_pass http://rancher:80;
        include snippets/proxy_header.conf;

    }
    location /dokuwiki {
        include snippets/ldap.conf;
        proxy_pass http://rancher:80;
        include snippets/proxy_header.conf;
    	     
    }
    location /etherpad {
     proxy_pass http://rancher:80;
        include snippets/proxy_header.conf;
        proxy_set_header Authorization "";
        proxy_set_header REMOTE_USER $remote_user;
	proxy_set_header X-Authenticated-User $remote_user; 
    }
    location / {
        include snippets/ldap.conf;
    	#include snippets/header.conf; # security headers	
        add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'";
	proxy_pass http://rancher:80;	  
        include snippets/proxy_header.conf;


    }
}
server {
    listen 443 ssl http2;
    server_name proxy.triton2.fet.at;

    ssl_certificate /etc/letsencrypt/live/triton2.fet.at-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/triton2.fet.at-0001/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/triton2.fet.at-0001/chain.pem;
    include snippets/ssl.conf;
    include snippets/header.conf;

#    include snippets/ldap.conf;
    client_max_body_size 1000M;

    location / {
        proxy_pass https://rancher:443;
        include snippets/proxy_header.conf;

    }
}
server {
    listen 443 ssl http2;
    server_name docker.triton2.fet.at;

    ssl_certificate /etc/letsencrypt/live/triton2.fet.at-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/triton2.fet.at-0001/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/triton2.fet.at-0001/chain.pem;
    include snippets/ssl.conf;
    include snippets/header.conf;
#    satisfy any;
#    allow 192.168.86.0/24;

    client_max_body_size 1000M;

    location / {
        proxy_pass https://rancher:443;
        include snippets/proxy_header.conf;
        proxy_set_header Authorization "";
        proxy_set_header REMOTE_USER $remote_user; 

    }
    location /v2/ {
        proxy_pass https://rancher:443;
        include snippets/proxy_header.conf;
    include snippets/ldap.conf;
        proxy_set_header Authorization "";
        proxy_set_header REMOTE_USER $remote_user; 

}



}