add_header  X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";

proxy_cache_path /var/cache/nginx/gitea levels=1:2 keys_zone=my_cache_gitea:10m max_size=2g         
                 inactive=60m use_temp_path=off;

# Upstream with keepalive
upstream gitea_backend {
    server 10.0.0.48:4000;
    keepalive 16;
    keepalive_requests 1000;
    keepalive_timeout 60s;
}

server{
	listen 80;
	server_name gitea.egonetix.de;
	return 301 https://$server_name/gitea$request_uri;
}


server {
 listen 10.0.0.29:443 ssl http2;
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

 # SSL config
 ssl on;
 ssl_certificate /etc/letsencrypt/live/gitea.egonetix.de/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/gitea.egonetix.de/privkey.pem;
 ssl_dhparam /etc/ssl/certs/dhparam.pem;

 # Make site accessible from http://localhost/
 server_name gitea.egonetix.de;

 access_log /var/log/nginx/gitea-access_log;
 error_log /var/log/nginx/gitea-error_log;

 # Gzip compression for Gitea
 gzip on;
 gzip_vary on;
 gzip_proxied any;
 gzip_comp_level 5;
 gzip_types text/plain text/css text/xml text/javascript 
            application/json application/javascript application/xml+rss image/svg+xml;
 gzip_min_length 1000;

 set $upstream 10.0.0.48;

 # Static files with aggressive caching
 location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
     proxy_pass http://gitea_backend;
     proxy_cache my_cache_gitea;
     proxy_cache_valid 200 24h;
     expires 24h;
     add_header Cache-Control "public, immutable";
     proxy_http_version 1.1;
     proxy_set_header Connection "";
 }

 location / {

 proxy_cache my_cache_gitea;
 proxy_cache_revalidate on;
 proxy_cache_min_uses 3;
 proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
 proxy_cache_lock on;
 proxy_pass_header Authorization;
 proxy_pass http://gitea_backend;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_http_version 1.1;
 proxy_set_header Connection "";
 proxy_buffering off;
 client_max_body_size 0;
 proxy_read_timeout 36000s;
 proxy_redirect off;
 proxy_ssl_session_reuse off;

 }
}