user nginx;
worker_processes auto;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;


events {
	worker_connections 1024;
}


http {
	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';

	access_log /var/log/nginx/access.log main;

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	reset_timedout_connection on;

	keepalive_timeout 75s;

	gzip off;
	server_tokens off;

	server_names_hash_bucket_size 64;
	types_hash_max_size 2048;
	types_hash_bucket_size 64;
	client_body_buffer_size 64k;
	client_max_body_size 100m;

	proxy_http_version 1.1;
	proxy_redirect off;
	proxy_buffer_size          128k;
	proxy_buffers              4 256k;
	proxy_busy_buffers_size    256k;
	proxy_next_upstream error timeout invalid_header http_502 http_503 non_idempotent;
	proxy_next_upstream_tries 2;

	# Docker default address pools
	# https://github.com/moby/libnetwork/blob/3797618f9a38372e8107d8c06f6ae199e1133ae8/ipamutils/utils.go#L10-L22
	set_real_ip_from 172.17.0.0/16;
	set_real_ip_from 172.18.0.0/16;
	set_real_ip_from 172.19.0.0/16;
	set_real_ip_from 172.20.0.0/14;
	set_real_ip_from 172.24.0.0/14;
	set_real_ip_from 172.28.0.0/14;
	set_real_ip_from 192.168.0.0/16;
	set_real_ip_from 10.0.0.0/8;
	real_ip_header X-Forwarded-For;
	real_ip_recursive on;

	# Remove the Connection header if the client sends it,
	# it could be "close" to close a keepalive connection
	proxy_set_header Connection '';
	proxy_set_header Host $host;
	proxy_set_header X-Forwarded-For $remote_addr;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_set_header X-Request-Id $request_id;
	proxy_read_timeout 30s;
	proxy_send_timeout 5s;

	upstream relay {
		server relay:3000;
		keepalive 2;
	}

	upstream sentry {
		server web:96;
		keepalive 2;
	}

	server {
		listen 80;

		location /api/store/ {
			proxy_pass http://relay;
		}
		location ~ ^/api/[1-9]\d*/ {
			proxy_pass http://relay;
		}
		location ^~ /api/0/relays/ {
			proxy_pass http://relay;
		}
		location ^~ /js-sdk/ {
			root /var/www/;
			# This value is set to mimic the behavior of the upstream Sentry CDN. For security reasons,
			# it is recommended to change this to your Sentry URL (in most cases same as system.url-prefix).
			add_header Access-Control-Allow-Origin *;
		}
		location / {
			proxy_pass http://sentry;
		}
		location /_static/ {
			proxy_pass http://sentry;
			proxy_hide_header Content-Disposition;
		}
	}
}