server {
	listen 80;

	access_log /var/log/nginx/hub.access.log;
# add Strict-Transport-Security to prevent man in the middle attacks

   server_name hub.${DOMAIN};
   
   root /var/www/html/ ;

   include /etc/nginx/snippets/letsencrypt.conf;

   location / {
       return 301 https://$host$request_uri;
   }


}

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name hub.${DOMAIN} ; 

    access_log /var/log/nginx/hub.access.log;
    error_log /var/log/nginx/hub.error.log;
    # add Strict-Transport-Security to prevent man in the middle attacks
    #add_header Strict-Transport-Security "max-age=31536000"; 
    client_max_body_size 100M;

    ssl_certificate /ssl/certs/nginx.crt;
    ssl_certificate_key /ssl/private/nginx.key;
   
	location / {
		proxy_set_header        Host $host;
		proxy_set_header        X-Real-IP $remote_addr;
		proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header        X-Forwarded-Proto $scheme;

		proxy_pass ${HUB_INTERNAL};
	}

    location ~* /user/([a-zA-Z0-9]+)/(api/kernels/[^/]+/(channels|iopub|shell|stdin)|terminals/websocket)/? {

        proxy_set_header      Host $host;
        # websocket support
        proxy_http_version    1.1;
        proxy_set_header      Upgrade "websocket";
        proxy_set_header      Connection "Upgrade";

        proxy_pass ${HUB_INTERNAL};
    }
}