worker_processes  auto;
worker_cpu_affinity auto;

#pid        /var/run/nginx.pid;
error_log  /dev/stderr warn;

events {
    worker_connections  1024;
}

http {
#   rewrite_log on;
    include            mime.types;
    default_type       application/json;
    access_log         /dev/stdout;
    sendfile           on;
#   tcp_nopush         on;
    keepalive_timeout  3;
#   tcp_nodelay        on;
    gzip               on;

    proxy_cache_path ./cache/ keys_zone=auth_cache:5m;
    client_max_body_size 1M;

    server {
        listen 8080 default_server;
        server_name _;

        absolute_redirect off;

        location / {
            root /var/www/html;
            index index.html;

            try_files $uri $uri/ /index.html;
        }

        location = /ldap-auth {
            internal;
            proxy_pass_request_body off;
            client_max_body_size 0; # has to be set even tho the body is not passed
            proxy_set_header Content-Length "";
            #proxy_cache auth_cache;
            #proxy_cache_valid 200 5m;
            #proxy_cache_key $scheme$proxy_host$request_uri$remote_user;
            proxy_pass http://nginx-ldap-auth:8888;
            proxy_set_header X-Ldap-URL "ldap://ldap/";
            proxy_set_header X-Ldap-Template "(uid=%(username)s)";
            proxy_set_header X-Ldap-BaseDN "ou=users,dc=example,dc=com";
            #proxy_set_header X-Ldap-BindDN "cn=test,dc=example,dc=com";
            #proxy_set_header X-Ldap-BindPass "test";
        }

        #location ~ ^/api/dav/files/(?<userpath>(\w+))(|(?<filename>/.*))$ {
        location ~ ^/api/dav/files(?<filename>.*)$ {

            if ( $request_method = OPTIONS ) {
                add_header "Access-Control-Allow-Origin" *;
                add_header "Access-Control-Allow-Methods" *;
                add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
            }

            if ($remote_user = "") {
                add_header "WWW-Authenticate" "Basic realm=\"Restricted\"";
                return 401;
            }

            proxy_set_header X-Auth "nginxauth";
            proxy_set_header Cookie nginxauth=$cookie_nginxauth;
            proxy_set_header Authorization $http_authorization;

            auth_request /ldap-auth;
            auth_request_set $new_cookie $sent_http_set_cookie;

            add_header "Set-Cookie" $new_cookie;
            add_header "X-Auth" $sent_http_set_cookie;
            auth_basic "Restricted";
            #auth_basic_user_file /opt/nginx/htpasswd;
            satisfy any;

            alias /media/$remote_user$filename;

            client_max_body_size 120G;
            client_body_temp_path /tmp/nginx/client-body;
            create_full_put_path on;
            autoindex on;
            autoindex_exact_size off;
            autoindex_localtime on;
            autoindex_format html;
            charset utf-8;

            dav_methods PUT DELETE MKCOL COPY MOVE;
            dav_ext_methods PROPFIND OPTIONS;
            dav_access user:rw group:rw all:rw;
        }
    }
}