#user  nobody;
worker_processes  1;
#pid        logs/nginx.pid;

load_module "/usr/local/libexec/nginx/ngx_http_xslt_filter_module.so";
load_module "/usr/local/libexec/nginx/ngx_rtmp_module.so";

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    gzip  on;
    gzip_disable "msie6";

    include /usr/local/etc/nginx/sites.d/*;
}

rtmp {
  server {
    listen 1935;
    max_message 10M;

    application wnob {
      live on;
      record off;
    }

    application strim {
      live on;
      hls on;

      hls_path /usr/local/www/hls/;

      hls_variant _low BANDWIDTH=250000;
      hls_variant _mid BANDWIDTH=500000;
      hls_variant _high BANDWIDTH=1000000;
      hls_variant _hd720 BANDWIDTH=1500000;
      hls_variant _src BANDWIDTH=2000000;
    }
  }
}

server {
  listen 443 ssl;
  server_name host.example.com
  root /usr/local/www/host.example.com/;
  error_page 404 /404.html;

  index index.html;
  autoindex on;
  autoindex_localtime off;
  autoindex_format xml;

  location / {
    xslt_stylesheet /usr/local/www/host.example.com/index.xslt;
  }

  location ~ /\..* {
    return 404;
  }

  location ~ /.+/ {
    xslt_stylesheet /usr/local/www/host.example.com/project.xslt;
  }

  location ~ /.*\.xslt/ {
    return 404;
  }

  location ~ \.thumb\.png$ {
    error_page 404 /404.thumb.png;
  }
    ssl_certificate /usr/local/etc/letsencrypt/live/host.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /usr/local/etc/letsencrypt/live/host.example.com/privkey.pem; # managed by Certbot

  include /usr/local/etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem;

  add_header Strict-Transport-Security "max-age=31536000" always;

}

server {
  listen 80;
  server_name host.example.com;

  if ($host = host.example.com) {
    return 301 https://$host$request_uri;
  }

  return 404;
}

server {
  listen 443 ssl;
  server_name other.example.com;

  ssl_certificate /usr/local/etc/letsencrypt/live/other.example.com/fullchain.pem;
  ssl_certificate_key /usr/local/etc/letsencrypt/live/other.example.com/privkey.pem;

  include /usr/local/etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem;

  add_header Strict-Transport-Security "max-age=31536000" always;

  access_log /home/otherapp/logs/access.log;
  error_log /home/otherapp/logs/error.log;

  client_max_body_size 5M;

  location / {
    root /home/otherapp/app/static;
    index man.txt;
    try_files $uri @proxy;
  }

  location @proxy {
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://unix:/var/run/otherapp/sock:;
  }
}

server {
  listen 80;
  server_name other.example.com;

  if ($host = other.example.com) {
    return 301 https://$host$request_uri;
  }

  return 404;
}