server {
	include sourcehut.conf;
	include port80.conf;
	server_name chat.localtest.me;

	client_max_body_size 100M;

	location / {
		# TODO: find a nicer way to do this
		if ($http_cookie !~* "sr.ht.unified-login.v1") {
			return 302 https://meta.sr.ht/login?return_to=$scheme://$host$request_uri;
		}

		root /usr/share/webapps/gamja;
		include headers.conf;
		# We have to use a weird connect-src because of a Safari bug
		# https://bugs.webkit.org/show_bug.cgi?id=201591
		add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src wss://chat.sr.ht https://chat.sr.ht" always;
		# TODO: setup caching
	}

	# Manifests aren't requested with cookies by default,
	# so it needs to be served in a location directive
	# that doesn't perform the auth redirect.
	location = /manifest.webmanifest {
		root /usr/share/webapps/gamja;
	}

	location /socket {
		proxy_pass http://srhts:8080;
		proxy_read_timeout 600s;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "Upgrade";
		include web.conf;
	}

	location /config.json {
		proxy_pass http://srhts:8080;
		include web.conf;
	}

	location /metrics {
		proxy_pass http://srhts:6060;
	}
}