#ginx configuration for both HTTP and SSL

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 443 ssl;
    listen 80;
    listen [::]:80;

   # resolver 10.96.0.10 valid=5s;
    server_name localhost;
    set $upstream http://localhost:80;

    ssl_certificate /etc/nginx/conf/server.crt;
    ssl_certificate_key /etc/nginx/conf/server.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;

    ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;

    ssl_protocols TLSv1 TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    ssl_stapling off;
    ssl_stapling_verify off;

    ssl_verify_client off;
   
    #mi serve per vedere se l'ip che mi contatta appartiene ad una data nazione
    if ($geoip_country_code = {{ paese }}) {
        return 403;
    }

    location / {
        client_max_body_size 0;
        proxy_http_version 1.1;
        proxy_redirect off;


        index index.html index.htm;
        root /usr/share/nginx/html;
    }

    include includes/location_common.conf;
}