apiVersion: v1
kind: ConfigMap
metadata:
  name: "nginx-configuration"
data:
  protocol: {{ include "nginx.scheme" . }}
  nginx.conf: |-
    events {}
    http {
      # redirects all http requests to https requests
      server {
        listen 8000 default_server;
        listen [::]:8000 default_server;
        return 301 https://$host$request_uri;
      }

      server {
        server_name localhost;

        listen 443 ssl http2;
        listen [::]:433 ssl http2;

        ssl_certificate '/etc/nginx-certs/public.crt';
        ssl_certificate_key '/etc/nginx-certs/private.key';

        # maximum 3GB Upload File; change to fit your needs
        client_max_body_size 3G;

        add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" always;

        location = /robots.txt {
          allow all;
          log_not_found off;
          access_log off;
        }

        location = /.well-known/carddav {
          return 301 $scheme://$host/remote.php/dav;
        }

        location = /.well-known/caldav {
          return 301 $scheme://$host/remote.php/dav;
        }

        location / {
          proxy_pass http://localhost;
          proxy_http_version                 1.1;
          proxy_cache_bypass                 $http_upgrade;
          proxy_request_buffering            off;

          # Proxy headers
          proxy_set_header Upgrade           $http_upgrade;
          proxy_set_header Connection        "upgrade";
          proxy_set_header Host              $http_host;
          proxy_set_header X-Real-IP         $remote_addr;
          proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto https;
          proxy_set_header X-Forwarded-Host  $host;
          proxy_set_header X-Forwarded-Port  $server_port;

          # Proxy timeouts
          proxy_connect_timeout              60s;
          proxy_send_timeout                 60s;
          proxy_read_timeout                 60s;
        }
      }
    }