upstream app_server {
	server unix:/run/gunicorn.sock fail_timeout=0;
}

server {
	#listen 80;

	root /home/ross/web/viewer;
	#index index.html index.htm;


	server_name viewer.penracourses.org.uk;

	location / {


		#if ($request_method = 'OPTIONS') {
		#	add_header 'Access-Control-Allow-Origin' * always;
		#	add_header 'Access-Control-Allow-Credentials' 'true' always;
		#	add_header 'Access-Control-Allow-Headers' "Origin, X-Requested-With, Content-Type, Accept" always;
		#	add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
		#	add_header 'Access-Control-Max-Age' 1728000;
		#	add_header 'Content-Type' 'text/plain; charset=utf-8';
		#	add_header 'Content-Length' 0;
		#	return 204;
		#}

		#alias /home/ross/web/viewer;

		#add_header Cross-Origin-Opener-Policy same-origin;
		#add_header Cross-Origin-Embedder-Policy require-corp;

		#add_header 'Cross-Origin-Opener-Policy' 'cross-origin' always;
		#add_header 'Cross-Origin-Embedder-Policy' 'credentialless' always;

		index index.html;

		try_files $uri $uri/ /index.html;
		add_header Cache-Control "no-store, no-cache, must-revalidate";
		add_header 'Cross-Origin-Resource-Policy' 'cross-origin';
	}



	listen 443 ssl; # managed by Certbot
		ssl_certificate /etc/letsencrypt/live/viewer.penracourses.org.uk/fullchain.pem; # managed by Certbot
		ssl_certificate_key /etc/letsencrypt/live/viewer.penracourses.org.uk/privkey.pem; # managed by Certbot
		include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
		ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}


server {
	listen 80;
	server_name penracourses.org.uk;

	return 301 https://www.penracourses.org.uk$request_uri;
}

server {
	listen [::]:443 ssl; # managed by Certbot
		server_name penracourses.org.uk;
	listen 443 ssl; # managed by Certbot
		ssl_certificate /etc/letsencrypt/live/penracourses.org.uk/fullchain.pem; # managed by Certbot
		ssl_certificate_key /etc/letsencrypt/live/penracourses.org.uk/privkey.pem; # managed by Certbot
		include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
		ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

		return 301 https://www.penracourses.org.uk$request_uri;
}


server {
	#listen 80;

	root /usr/share/nginx/html;
	index index.html index.htm;

	client_max_body_size 4G;
	#server_name _;
	server_name www.penracourses.org.uk;
	resolver 127.0.0.11;

	keepalive_timeout 20;

	set $cors "";
if ($http_origin ~* (https?://(localhost:5173|viewer\.penracourses\.org\.uk))) {
    set $cors $http_origin;
}


	# Your Django project's media files - amend as required
	location /media  {
		if ($request_method = OPTIONS ) {
        add_header 'Access-Control-Allow-Origin' $cors always;
			#add_header 'Access-Control-Allow-Origin' 'https://viewer.penracourses.org.uk' always;
			add_header 'Access-Control-Allow-Credentials' 'true' always;
			add_header 'Access-Control-Allow-Headers' "Origin, X-Requested-With, Content-Type, Accept" always;
			add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
			add_header 'Access-Control-Max-Age' 1728000;
			add_header 'Content-Type' 'text/plain; charset=utf-8';
			add_header 'Content-Length' 0;
			return 200;
		}
		#add_header 'Access-Control-Allow-Origin' 'https://viewer.penracourses.org.uk' always;
        add_header 'Access-Control-Allow-Origin' $cors always;


		alias /home/ross/web/rad/media;
		#add_header Access-Control-Allow-Origin *;
		#add_header Access-Control-Allow-Origin http://localhost:8000;
		#add_header Vary Origin;
	}

	# your Django project's static files - amend as required
	location /static {
		alias /home/ross/web/static;
	}

	# rts
	location /rts {
		alias /home/ross/web/rts;
	}
	# OHIF
	location /viewer {
		#add_header 'Cross-Origin-Opener-Policy' 'cross-origin' always;
		#add_header 'Cross-Origin-Embedder-Policy' 'credentialless' always;
		#add_header 'Cross-Origin-Resource-Policy' 'cross-origin' always;
		alias /home/ross/web/viewer;
	}
	location /ohif {
		add_header 'Cross-Origin-Opener-Policy' 'same-origin' always;
		add_header 'Cross-Origin-Embedder-Policy' 'require-corp' always;
		add_header 'Cross-Origin-Resource-Policy' 'same-site' always;
		alias /home/ross/web/ohif;
		try_files $uri /ohif/index.html;
		#autoindex on;
	}


	# # Proxy the static assests for the Django Admin panel
	# location /static/admin {
		#    alias /usr/lib/python3/dist-packages/django/contrib/admin/static/admin/;
		# }
	location /rota {
		alias /home/ross/proc/proc-rota;
		autoindex on;
	}

	location /uploader {
		alias /home/ross/uploader;
		autoindex on;
	}

	location ~ ^/reporter/(.*)$ {
		alias /home/ross/web/nicereporter;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Authorization $http_authorization;
            proxy_pass_header Authorization;

            proxy_pass http://127.0.0.1:5129/$1?$args;
            proxy_set_header X-Forwarded-Prefix /reporter;
            proxy_redirect http://127.0.0.1:5129/ /reporter/;
        }

	location / {
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header Host $host;
		proxy_redirect off;
		proxy_buffering off;
		#add_header 'Cross-Origin-Opener-Policy' 'single-origin' always;
		#add_header 'Cross-Origin-Embedder-Policy' 'require-corp' always;
		#add_header 'Cross-Origin-Resource-Policy' 'same-site' always;
		#add_header 'Cross-Origin-Opener-Policy' 'same-origin' always;
		add_header 'Cross-Origin-Embedder-Policy' 'require-corp' always;
		add_header 'Cross-Origin-Resource-Policy' 'same-site' always;
		#add_header 'Access-Control-Allow-Origin' $cors always;

		proxy_pass http://app_server;
		#add_header Access-Control-Allow-Origin *;
		#add_header Vary Origin;
	}

	#location ~* \.(jpg|jpeg|png|dicom)$ {
		#    add_header Access-Control-Allow-Origin *;
		#}
	# rota


	listen [::]:443 ssl; # managed by Certbot
		listen 443 ssl; # managed by Certbot
		ssl_certificate /etc/letsencrypt/live/penracourses.org.uk/fullchain.pem; # managed by Certbot
		ssl_certificate_key /etc/letsencrypt/live/penracourses.org.uk/privkey.pem; # managed by Certbot
		include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
		ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

#server {
#server_name 161.35.163.87;
#add_header X-Frame-Options "SAMEORIGIN";
#
#return 301 $scheme://penracourses.org.uk$request_uri;
#}


#server {
#    #listen 80;
#    #server_name penracoureses.org.uk www.penracourses.org.uk;
#
#    root /usr/share/nginx/html;
#    index index.html index.htm;
#
#    client_max_body_size 4G;
#    #server_name _;
#    server_name penracourses.org.uk; # managed by Certbot
#
#    keepalive_timeout 5;
#
#    # Your Django project's media files - amend as required
#    location /media  {
#        alias /home/ross/web/rad/media;
#        #add_header Access-Control-Allow-Origin *;
#        #add_header Access-Control-Allow-Origin http://localhost:8000;
#	#add_header Vary Origin;
#    }
#
#    # your Django project's static files - amend as required
#    location /static {
#        alias /home/ross/web/rad/static;
#    }
#
#    # rts
#    location /rts {
#        alias /home/ross/web/rts;
#    }
#
#   # # Proxy the static assests for the Django Admin panel
#   # location /static/admin {
#   #    alias /usr/lib/python3/dist-packages/django/contrib/admin/static/admin/;
#   # }
#
#    location / {
#            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#            proxy_set_header Host $host;
#            proxy_redirect off;
#            proxy_buffering off;
#
#            proxy_pass http://app_server;
#    }
#
#    #location ~* \.(jpg|jpeg|png|dicom)$ {
#    #    add_header Access-Control-Allow-Origin *;
#    #}
#
#    # rota
#    location /rota {
#        alias /home/ross/proc-rota;
#    }
#
#    location /rota2 {
#        alias /home/ross/neos;
#    }
#
#
#
#
#
#    listen [::]:443 ssl ipv6only=on; # managed by Certbot
#    listen 443 ssl; # managed by Certbot
#    ssl_certificate /etc/letsencrypt/live/penracourses.org.uk/fullchain.pem; # managed by Certbot
#    ssl_certificate_key /etc/letsencrypt/live/penracourses.org.uk/privkey.pem; # managed by Certbot
#    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
#    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
#
#}



server {
	root /home/ross/web/rts;
	index index.html index.htm;

	client_max_body_size 4G;
	#server_name _;
	server_name dev.penracourses.org.uk www.dev.penracourses.org.uk;

	keepalive_timeout 5;

	# Your Django project's media files - amend as required
	location /media  {
		# Simple requests
		if ($request_method ~* "(GET|POST)") {
			add_header "Access-Control-Allow-Origin"  *;
		}

		# Preflighted requests
		if ($request_method = OPTIONS ) {
			add_header "Access-Control-Allow-Origin"  *;
			add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD";
			add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
			return 200;
		}
		alias /home/ross/web/rad/media;
		#add_header Access-Control-Allow-Origin *;
		#add_header Access-Control-Allow-Origin http://localhost:8000;
		#add_header Vary Origin;
	}

	# your Django project's static files - amend as required
	location /static {
		alias /home/ross/web/rad/static;
	}

	# rts
	location /rts {
		alias /home/ross/web/rts;
	}

	# # Proxy the static assests for the Django Admin panel
	# location /static/admin {
		#    alias /usr/lib/python3/dist-packages/django/contrib/admin/static/admin/;
		# }

	location / {
		add_header 'Access-Control-Allow-Origin' '*' always;
		try_files $uri $uri/ =404;
		#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		#proxy_set_header X-Forwarded-Proto $scheme;
		#proxy_set_header Host $host;
		#proxy_redirect off;
		#proxy_buffering off;

		#proxy_pass http://app_server;
		#add_header Access-Control-Allow-Origin *;
		#add_header Vary Origin;
	}

	#location ~* \.(jpg|jpeg|png|dicom)$ {
		#    add_header Access-Control-Allow-Origin *;
		#}




	#listen [::]:443 ssl; # managed by Certbot
	#listen 443 ssl; # managed by Certbot
	#ssl_certificate /etc/letsencrypt/live/penracourses.org.uk/fullchain.pem; # managed by Certbot
	#ssl_certificate_key /etc/letsencrypt/live/penracourses.org.uk/privkey.pem; # managed by Certbot
	#include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
	#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}


server {
	if ($host = penracourses.org.uk) {
		return 301 https://www.$host$request_uri;
	} # managed by Certbot


	listen 80 ;
	listen [::]:80  ;
	server_name penracourses.org.uk;
	return 404; # managed by Certbot


}

server {
	if ($host = www.penracourses.org.uk) {
		return 301 https://$host$request_uri;
	} # managed by Certbot


	listen 80 default_server;
	listen [::]:80 default_server ipv6only=on;
	server_name www.penracourses.org.uk;
	return 404; # managed by Certbot


}



server {
	if ($host = viewer.penracourses.org.uk) {
		return 301 https://$host$request_uri;
	} # managed by Certbot



	server_name viewer.penracourses.org.uk;
	listen 80;
	return 404; # managed by Certbot


}
