server {
    listen 80;
    listen [::]:80;
    server_name yourdomain.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name yourdomain.com;

    ssl_certificate     /etc/nginx/cert/yourdomain.com.pem;
    ssl_certificate_key /etc/nginx/cert/yourdomain.com.key;
    
    location ~ /.well-known/(webfinger|host-meta)$ {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_cache gotosocial_ap_public_responses;
        proxy_cache_background_update on;
        proxy_cache_key $scheme://$host$uri$is_args$query_string;
        proxy_cache_valid 200 10m;
        proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504 http_429;
        proxy_cache_lock on;
        add_header X-Cache-Status $upstream_cache_status;

        proxy_pass http://127.0.0.1:8788;
    }

    location ~ ^\/users\/(?:[a-z0-9_\.]+)\/main-key$ {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_cache gotosocial_ap_public_responses;
        proxy_cache_background_update on;
        proxy_cache_key $scheme://$host$uri;
        proxy_cache_valid 200 604800s;
        proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504 http_429;
        proxy_cache_lock on;
        add_header X-Cache-Status $upstream_cache_status;

        proxy_pass http://127.0.0.1:8788;
    }

    location /assets/ {
        alias web-asset-base-dir/;
        autoindex off;
        expires 5m;
        add_header Cache-Control "public";
    }

    location @fileserver {
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /fileserver/ {
        proxy_pass http://127.0.0.1:8788/;
        alias storage-local-base-path/;
        autoindex off;
        expires max;
        add_header Cache-Control "private, immutable";
        try_files $uri @fileserver;
    }

    location / {
        proxy_pass http://127.0.0.1:8788;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    
    client_max_body_size 40M;
}