server {

    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;

    fastcgi_buffers 16 32k;
    fastcgi_buffer_size 64k;

    client_max_body_size 48M;
    client_body_buffer_size 128k;

    client_header_buffer_size 5120k;
    large_client_header_buffers 32 5120k;


    proxy_max_temp_file_size 0;
    proxy_buffering off;

    proxy_read_timeout 300;
    proxy_send_timeout 300;
    proxy_connect_timeout 300;

    fastcgi_read_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_connect_timeout 300;

    #only works in nginx+
    #set_cookie_flag HttpOnly Secure;
    proxy_cookie_path / "/; secure; HTTPOnly; SameSite=strict";


    proxy_set_header X-Real-IP $remote_addr;

    server_name stage.ligalytics.com;


    error_page 501 502 503 504 /maintenance.html;
    location /maintenance.html {
        root /var/www/html;
    }


    location = /favicon.ico {
        access_log off; log_not_found off;
    }

    location /media {
        #autoindex on;
        alias /home/django/prod/data/media;
    }


    location /static/ {
        root /home/django/;
    }
    location / {
        proxy_set_header Host $http_host;
        proxy_pass http://unix:/home/django/prod/leagues.sock;
        proxy_set_header REMOTE_ADDR $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_read_timeout 3600;
        proxy_intercept_errors on;
    }


    location ^~ /.well-known {
        root /home/django/prod;
        allow all;
    }


    location = /_csp {
        access_log /var/log/nginx/csp.log CSP;
        proxy_pass http://127.0.0.1/_csp_response;
    }


    include snippets/ssl-ligalytics.conf;
    include snippets/ssl-params.conf;


}


server {
    listen 81;
    location /metrics {
        stub_status on;
    }
}