server {
  server_name ${BASENAME_FOR_SUBDOMAIN} ${MINIO_YNT_HOST} ${MINIO_ADMIN_YNT_HOST} ${KC_YNT_HOST};
  listen 80;
  return 301 https://${DOLLAR}host${DOLLAR}request_uri;
}

server {
  server_name ${BASENAME_FOR_SUBDOMAIN};
  listen 443 ssl;

  ssl_certificate /etc/nginx/ssl/server.crt.pem;
  ssl_certificate_key /etc/nginx/ssl/server.key.pem;

  proxy_http_version 1.1;
  proxy_busy_buffers_size   512k;
  proxy_buffers   4 512k;
  proxy_buffer_size   256k;  
  proxy_connect_timeout 75s;

  location / {
    proxy_pass http://yonote:3000;
    proxy_set_header Host ${DOLLAR}host;
    proxy_set_header Connection '';
    chunked_transfer_encoding off;
    proxy_cache off;
 }

  location ^~/realtime {
    proxy_http_version 1.1;
    proxy_set_header Upgrade ${DOLLAR}http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host ${DOLLAR}host;
    proxy_pass http://yonote:3000;
 }
  location ^~/collaboration {
    proxy_http_version 1.1;
    proxy_set_header Upgrade ${DOLLAR}http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host ${DOLLAR}host;
    proxy_pass http://yonote:3000;
  }
}

server {
  listen 443 ssl;
  listen [::]:443 ssl;
  server_name ${MINIO_YNT_HOST};

  ssl_certificate /etc/nginx/ssl/server.crt.pem;
  ssl_certificate_key /etc/nginx/ssl/server.key.pem;

  # To allow special characters in headers
  ignore_invalid_headers off;
  # Allow any size file to be uploaded.
  # Set to a value such as 1000m; to restrict file size to a specific value
  client_max_body_size 0;
  # To disable buffering
  proxy_buffering off;

  # Use Docker DNS
  # You might not need this section but in case you need to resolve
  # docker service names inside the container then this can be useful.
  # resolver 127.0.0.11 valid=10s;
  # resolver_timeout 5s;

  # Apparently the following line might prevent caching of DNS lookups
  # and force nginx to resolve the name on each request via the internal
  # Docker DNS.
  # set ${DOLLAR}upstream "s3";

  # Proxy requests to the Minio API on port 9000
  location / {
    proxy_pass http://s3:9000;

    proxy_set_header X-Real-IP ${DOLLAR}remote_addr;
    proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
    proxy_set_header Host ${DOLLAR}http_host;

    proxy_connect_timeout 300;

    # To support websocket
    # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
    proxy_http_version 1.1;
    proxy_set_header Upgrade ${DOLLAR}http_upgrade;
    proxy_set_header Connection "upgrade";
    chunked_transfer_encoding off;
  }
}

server {
  listen 443 ssl;
  listen [::]:443 ssl;
  server_name ${MINIO_ADMIN_YNT_HOST};

  ssl_certificate /etc/nginx/ssl/server.crt.pem;
  ssl_certificate_key /etc/nginx/ssl/server.key.pem;

  # To allow special characters in headers
  ignore_invalid_headers off;
  # Allow any size file to be uploaded.
  # Set to a value such as 1000m; to restrict file size to a specific value
  client_max_body_size 0;
  # To disable buffering
  proxy_buffering off;

  # Use Docker DNS
  # You might not need this section but in case you need to resolve
  # docker service names inside the container then this can be useful.
  # resolver 127.0.0.11 valid=10s;
  # resolver_timeout 5s;

  # Apparently the following line might prevent caching of DNS lookups
  # and force nginx to resolve the name on each request via the internal
  # Docker DNS.
  # set ${DOLLAR}upstream "s3";

  # Minio Console (UI)
  location / {
    # This was really the key for me. Even though the Nginx docs say 
    # that with a URI part in the `proxy_pass` directive, the `/console/`
    # URI should automatically be rewritten, this wasn't working for me.
    # rewrite ^/console/(.*)${DOLLAR} /${DOLLAR}1 break;

    proxy_pass http://s3:9001;

    proxy_set_header X-Real-IP ${DOLLAR}remote_addr;
    proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
    proxy_set_header Host ${DOLLAR}http_host;

    proxy_connect_timeout 300;
    proxy_set_header Connection "";
    chunked_transfer_encoding off;

    # To support websocket
    proxy_http_version 1.1;
    proxy_set_header Upgrade ${DOLLAR}http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Origin '';
  }
}

server {
  server_name ${KC_YNT_HOST};
  listen 443 ssl;

  ssl_certificate /etc/nginx/ssl/server.crt.pem;
  ssl_certificate_key /etc/nginx/ssl/server.key.pem;

  proxy_http_version 1.1;
  proxy_busy_buffers_size   512k;
  proxy_buffers   4 512k;
  proxy_buffer_size   256k;
  proxy_read_timeout 300s;
  proxy_connect_timeout 75s;

  proxy_set_header Host ${DOLLAR}host; # to forward the original host requested by the client
  proxy_set_header X-Real-IP ${DOLLAR}remote_addr;
  proxy_set_header X-Forwarded-Host ${DOLLAR}host;
  proxy_set_header X-Forwarded-Port 9443;
  proxy_set_header X-Forwarded-Server ${DOLLAR}host;
  proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; # To forward the original client's IP address
  proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme; # to forward the  original protocol (HTTP or HTTPS)

  location / {
    proxy_pass http://keycloak:8080;
 }
}