server {
    listen 80;
    server_name bernie;

    client_max_body_size 48M;
    client_body_buffer_size 128k;

    client_header_buffer_size 5120k;
    large_client_header_buffers 32 5120k;

    #only works in nginx+
    #set_cookie_flag HttpOnly Secure;
    #proxy_cookie_path / "/; secure; HTTPOnly; SameSite=strict";
    # proxy_set_header X-Real-IP $remote_addr;


	real_ip_recursive on;
	real_ip_header CF-Connecting-IP;

    set_real_ip_from 192.168.178.41;

    error_page 501 502 503 504 /maintenance.html;
    location /maintenance.html {
        root /home/django/;
    }

    location = /favicon.ico {
        access_log off; log_not_found off;
    }

    location /media {
        #autoindex on;
        alias /home/django/leagues/data/media;
    }

    location /static/ {
        root /home/django/;
    }

    location / {
        include proxy_params;
        proxy_pass http://unix:/run/gunicorn.sock;

        # proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header Host $http_host;
        #proxy_set_header REMOTE_ADDR $remote_addr;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_headers_hash_max_size 512;
        #proxy_headers_hash_bucket_size 128;

        #proxy_read_timeout 3600;
        #proxy_intercept_errors on;
    }

    #location ^~ /.well-known {
    #root /home/django/leagues/;
    #allow all;
    #}

    #location = /_csp {
    #        access_log /var/log/nginx/csp.log CSP;
    #        proxy_pass http://127.0.0.1/_csp_response;
    #}

    # FOR CSP
    include snippets/ssl-params.conf;
}