# webtop.conf
server {
    server_name webtop.*;
  set $upstream_proto https;
  set $upstream_app         "webtop";
  set $upstream_port           3001;
    listen 80;
    if ($scheme = http) {
        return 301 https://$host$request_uri;
    }
    listen 443 ssl;
    include /config/nginx/ssl.conf;
    client_max_body_size 0;

    # START OF REUSABLE AUTH CONFIG
    location /nforwardauth {
        internal;
        proxy_pass_request_body off;
        proxy_set_header Host "auth.srweaver.com";
        proxy_pass http://sso:3000/nginx;
       }
    error_page 401 = @auth_redirect;
    location @auth_redirect {
        return 302 https://auth.srweaver.com/login?r=$scheme://$http_host$request_uri;
       }
    # END OF REUSABLE AUTH CONFIG
    location / {
        auth_request /nforwardauth;
        auth_request_set $auth_status $upstream_status;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        proxy_set_header X-Real-IP 127.0.0.1;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port$request_uri;
    }
    location /feed/ {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}