{% macro opcache(values) -%}
opcache.interned_strings_buffer={{ values.nextcloud.op_cache_interned_strings_buffer }}
opcache.memory_consumption={{ values.nextcloud.op_cache_memory_consumption }}
{%- endmacro -%}

{% macro php(values) -%}
max_execution_time={{ values.nextcloud.max_execution_time }}
{%- endmacro -%}

{% macro limit_request_body(values) -%}
{%- set bytes_gb = 1024 * 1024 * 1024 -%}
LimitRequestBody {{ values.nextcloud.php_upload_limit * bytes_gb }}
{%- endmacro -%}

{% macro use_x_real_ip_in_logs() -%}
{# `(%{X-Real-IP}i)` is added after each LogFormat `%h` statement from /etc/apache2/apache2.conf -#}
LogFormat "%v:%p %h (%{X-Real-IP}i) %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h (%{X-Real-IP}i) %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h (%{X-Real-IP}i) %l %u %t \"%r\" %>s %O" common
{%- endmacro -%}

{% macro nginx_conf(values) -%}
{%- set port = namespace(x=":$server_port") -%}
{%- if values.network.nginx.use_different_port -%}
  {%- set port.x = ":%d"|format(values.network.nginx.external_port) -%}
{%- endif -%}
{%- if port.x == ":443" -%}
  {%- set port.x = "" -%}
{%- endif -%}

events {}
http {
  server {
    listen              {{ values.network.web_port.port_number }} ssl;
    listen              [::]:{{ values.network.web_port.port_number }} ssl;
    http2               on;

    # Redirect HTTP to HTTPS
    error_page 497 301 =307 https://$host{{ port.x }}$request_uri;

    ssl_certificate     {{ values.consts.ssl_cert_path }};
    ssl_certificate_key {{ values.consts.ssl_key_path }};

    client_max_body_size {{ values.nextcloud.php_upload_limit }}G;
    add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" always;

    location = /robots.txt {
      allow all;
      log_not_found off;
      access_log off;
    }

    location ^~ /.well-known {
        # The rules in this block are an adaptation of the rules
        # in `.htaccess` that concern `/.well-known`.

        location = /.well-known/carddav { return 301 /remote.php/dav/; }
        location = /.well-known/caldav  { return 301 /remote.php/dav/; }

        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }

        # Let Nextcloud's API for `/.well-known` URIs handle all other
        # requests by passing them to the front-end controller.
        return 301 /index.php$request_uri;
    }

    location / {
      proxy_pass http://{{ values.consts.nextcloud_container_name }}:80;
      proxy_http_version                 1.1;
      proxy_cache_bypass                 $http_upgrade;
      proxy_request_buffering            off;

      # Proxy headers
      proxy_set_header Upgrade           $http_upgrade;
      proxy_set_header Connection        "upgrade";
      proxy_set_header Host              $http_host;
      proxy_set_header X-Real-IP         $remote_addr;
      proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_set_header X-Forwarded-Host  $host;
      proxy_set_header X-Forwarded-Port  {{ port.x | default("443", true) | replace(":", "") }};

      # Proxy timeouts
      proxy_connect_timeout              {{ values.network.nginx.proxy_timeout }}s;
      proxy_send_timeout                 {{ values.network.nginx.proxy_timeout }}s;
      proxy_read_timeout                 {{ values.network.nginx.proxy_timeout }}s;
    }

    include /etc/nginx/includes/*.conf;
  }
}
{%- endmacro -%}