upstream chan {
	server localhost:7000;
}

server {

	server_name domain.com www.domain.com;
	server_tokens off;
	error_page 404 = /path/to/jschan/static/html/404.html;
	error_page 502 = /path/to/jschan/static/html/502.html;

	add_header Cache-Control "public";
	add_header Content-Security-Policy "default-src 'self'; img-src 'self'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'";
	add_header Referrer-Policy "same-origin" always;
	add_header X-Frame-Options "sameorigin" always;
	add_header X-Content-Type-Options "nosniff" always;
	add_header X-XSS-Protection "1; mode=block" always;

	if ($request_uri ~ ^/(?!captcha|randombanner|forms|logout|socket\.io)) {
		rewrite ^([^.\?]*[^/])$ $1/ redirect;
		rewrite ^(.+)/$ $1/index.html redirect;
	}

	location = /robots.txt {
		access_log off;
		add_header Content-Type text/plain;
		return 200 "User-agent: *\nDisallow:\n";
	}

	location = /favicon.ico {
		access_log off;
		expires max;
		root /path/to/jschan/static/img;
		try_files $uri =404;
	}

	location = / {
		return 302 http://$host/index.html;
	}

	location /captcha {
		access_log off;
		root /path/to/jschan/static/captcha;
		if ($cookie_captchaid) {
			return 302 http://$host/captcha/$cookie_captchaid.jpg;
		}
		try_files /$cookie_captchaid.jpg @backend;
	}

	location / {
		proxy_buffering off;
		proxy_pass http://chan$request_uri;
		proxy_http_version 1.1;

		#websocket
		proxy_set_header Host $host;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection 'upgrade';
		proxy_cache_bypass $http_upgrade;

		proxy_set_header X-Forwarded-Proto http;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Country-Code $geoip_country_code;
		proxy_set_header X-Country-Name $geoip_country_name;
	}

	location @backend {
		proxy_buffering off;
		proxy_pass http://chan$request_uri;
		proxy_http_version 1.1;
		proxy_set_header X-Forwarded-Proto http;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Country-Code $geoip_country_code;
		proxy_set_header X-Country-Name $geoip_city_country_name;
		proxy_set_header Connection '';
		proxy_set_header Host $host;
	}

	# HTML
	location ~* \.html$ {
		expires 0;
		root /path/to/jschan/static/html;
		try_files $uri @backend;
	}

	# JSON
	location ~* \.json$ {
		expires 0;
		root /path/to/jschan/static/json;
		try_files $uri =404;
		#json doesnt hit backend if it doesnt exist yet.
	}

	# CSS
	location ~* \.css$ {
		access_log off;
		expires 1d;
		root /path/to/jschan/static;
		try_files $uri =404;
	}

	# Scripts
	location ~* \.js$ {
		expires 1d;
		access_log off;
		root /path/to/jschan/static;
		try_files $uri =404;
	}

	# Files (image, video, audio, other)
	location ~* \.(png|jpg|jpeg|gif|apng|webp|pjpeg|jfif|mkv|mp4|webm|mov|svg|mp3|ogg|wav|opus)$ {
		access_log off;
		expires max;
		root /path/to/jschan/static;
		try_files $uri =404;
	}

	# "Other" Files for custom type uploads, uses content-disposition to prevent rendering
	# inline in browser and will present a "save" dialog box. make sure these file 
	# extensions match for mimes defined in configs/main.js "otherMimeTypes"
#	location ~* \.(txt)$ {
#		access_log off;
#		expires max;
#		add_header Cache-Control "public";
#		add_header X-Content-Type-Options "nosniff" always;
#		add_header Content-Disposition "attachment";
#		root /path/to/jschan/static;
#		try_files $uri =404;
#	}

	listen 80;
	listen [::]:80;

}