server {
    listen       80;
    listen       [::]:80;
    server_name  pig.observer;

    set $RD "";
    if ($scheme = http) {
        set $RD Y;
    }

    if ($host = pig.observer) {
        set $RD "${RD}Y";
    }

    if ($RD = YY) {
        return 301 https://$host$request_uri;
    }

    add_header Onion-Location http://y4b244ai6krmmd6kjjiptqibjb4rvgf7lpeobhpk3j5vkvhqytt6ulyd.onion$request_uri;

    charset utf-8;
    charset_types text/xml text/css text/plain application/javascript application/rss+xml;
    #access_log  /var/log/nginx/host.access.log  main;
    rewrite_log on;
    
    gzip on;
    add_header Strict-Transport-Security max-age=31536000 always;
    add_header X-Content-Type-Options nosniff;

    location /georgiasnapshots/ {
        add_header  Access-Control-Allow-Origin *;
        proxy_pass  http://navigator-c2c.dot.ga.gov/snapshots/;
    }

    location /georgiavss1/ {
        proxy_pass  http://vss1live.dot.ga.gov/lo/;
    }

    location /georgiavss2/ {
        proxy_pass  http://vss2live.dot.ga.gov/lo/;
    }

    location /georgiavss3/ {
        proxy_pass  http://vss3live.dot.ga.gov/lo/;
    }

    location /georgiavss4/ {
        proxy_pass  http://vss4live.dot.ga.gov/lo/;
    }

    location /georgiavss5/ {
        proxy_pass  http://vss5live.dot.ga.gov/lo/;
    }

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}


    listen 443 ssl; # managed by Certbot
    listen [::]:443 ssl;
    ssl_certificate /etc/letsencrypt/live/pig.observer/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/pig.observer/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}