server {
    listen 443 ssl;
    listen 8448 ssl default_server;
    server_name matrix.nhcarrigan.com;
    ssl_certificate /etc/letsencrypt/live/matrix.nhcarrigan.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/matrix.nhcarrigan.com/privkey.pem;

    # Root path redirect only for port 443
    location = / {
        if ($server_port = 443) {
            return 301 https://matrix.to/#/#home:matrix.nhcarrigan.com;
        }
    }

    location /.well-known/matrix/server {
	return 200 '{"m.server": "matrix.nhcarrigan.com:443"}';
	add_header Content-Type application/json;
    }

    location /.well-known/matrix/client {
	return 200 '{"m.homeserver": {"base_url": "https://matrix.nhcarrigan.com"}}';
	add_header Content-Type application/json;
	add_header "Access-Control-Allow-Origin" *;
	add_header "Access-Control-Allow-Methods" "GET";
    }

    location ~ ^(/_synapse/admin) {
	proxy_pass http://localhost:8008;
	add_header Access-Control-Allow-Origin "https://matrix-admin.nhcarrigan.com" always;
	proxy_hide_header Access-Control-Allow-Origin;
    }

    location ~ ^(/_matrix|/_synapse/client) {
        proxy_set_header Host $host:$server_port;
        proxy_pass http://127.0.0.1:8008;
        proxy_redirect off;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_set_header X-Forwarded-For $remote_addr;
    }
}

server {
    listen 443 ssl;
    server_name matrix-admin.nhcarrigan.com;
    ssl_certificate /etc/letsencrypt/live/matrix-admin.nhcarrigan.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/matrix-admin.nhcarrigan.com/privkey.pem;

    location / {
        proxy_set_header Host $host;
        proxy_pass http://localhost:5173;
        proxy_redirect off;
    }
}