events {
    worker_connections 1024;
}

http {
    proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=peertube_cache:10m max_size=15g inactive=7d use_temp_path=off;

    server {
        listen 9000;

        # Hide nginx version
        server_tokens off;

        # Enable compression for JS/CSS/HTML bundle, for improved client load times.
        # It might be nice to compress JSON, but leaving that out to protect against potential
        # compression+encryption information leak attacks like BREACH.
        gzip on;
        gzip_types text/css application/javascript;
        gzip_vary on;

        # Enable HSTS
        # Tells browsers to stick with HTTPS and never visit the insecure HTTP
        # version. Once a browser sees this header, it will only visit the site over
        # HTTPS for the next 2 years: (read more on hstspreload.org)
        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";

        location / {
            proxy_pass              http://peertube:9000;
            proxy_set_header        X-Real-IP $remote_addr;
            proxy_set_header        Host $host;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            client_max_body_size    600M;
            proxy_connect_timeout   600;
            proxy_send_timeout      600;
            proxy_read_timeout      600;
            send_timeout            600;
        }
        location ~ ^/(static/(thumbnails|previews|avatars)|client)/ {
            proxy_pass              http://peertube:9000;
            proxy_cache             peertube_cache;
            proxy_cache_use_stale   error timeout http_500 http_502 http_503 http_504;
            proxy_cache_revalidate  on;
            proxy_cache_min_uses    3;
            proxy_cache_lock        on;
            add_header              X-Cached $upstream_cache_status;
        }
    }
}