#  Basic configuration
user nginx;
worker_processes  1;
error_log /dev/stderr info;
pid /var/run/nginx.pid;
include /etc/nginx/modules/devel_kit.conf;
include /etc/nginx/modules/http_lua.conf;

events {
    worker_connections  1024;
}

# Environment variables used in the configuration
env WEBMAIL;
env WEBDAV;
env EXPOSE_ADMIN;

http {
    # Standard HTTP configuration with slight hardening
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    access_log /dev/stdout;
    sendfile on;
    keepalive_timeout  65;
    server_tokens off;

    server {
      listen 80;
      listen [::]:80;

      # Load Lua variables
      set_by_lua $webmail 'return os.getenv("WEBMAIL")';
      set_by_lua $webdav 'return os.getenv("WEBDAV")';
      set_by_lua $expose_admin 'return os.getenv("EXPOSE_ADMIN")';

      # Actual logic

      location / {
        if ($webmail != none) {
          return 301 $scheme://$host/webmail/;
        }

        if ($webmail = none) {
          return 403;
        }
      }

      location /webmail {
        if ($webmail != none) {
          proxy_pass http://webmail;
        }

        if ($webmail = none) {
          return 403;
        }
      }

      location /admin {
        if ($expose_admin = yes) {
          proxy_pass http://admin;
        }

        if ($expose_admin != yes) {
          return 403;
        }
      }

      location /webdav {
        if ($webdav != none) {
          proxy_pass http://webdav:5232;
        }

        if ($webdav = none) {
          return 403;
        }
      }

      location /.well-known/acme-challenge {
        proxy_pass http://admin:8081;
      }
    }
}