server {
	listen  443  ssl  http2;
	listen  8090; # Tor
	listen  127.0.0.1:8111; # I2P

	server_name  radio.arav.top radio.arav.i2p mkgnmhmzqm7kyzv7jnzzafvgm7xlmlfvzhgorpapd5or2arnhuktqd.onion;

	access_log  /var/log/nginx/dwelling/radio.log  main  if=$nolog;

	ssl_certificate      /etc/letsencrypt/live/arav.top/fullchain.pem;
	ssl_certificate_key  /etc/letsencrypt/live/arav.top/privkey.pem;

	add_header  Content-Security-Policy    "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; frame-src 'none'; frame-ancestors 'none'; font-src 'self'; form-action 'none'";
	add_header  X-Frame-Options            "DENY";
	add_header  X-Content-Type-Options     "nosniff";
	add_header  X-XSS-Protection           "1; mode=block";
	add_header  Strict-Transport-Security  "max-age=31536000; includeSubDomains; preload";
	add_header  Onion-Location             "http://mkgnmhmzqm7kyzv7jnzzafvgm7xlmlfvzhgorpapd5or2arnhuktqd.onion$request_uri";


	location / {
		proxy_pass  http://unix:/var/run/dwelling-radio/r.sock/;

		proxy_buffering  off;

		proxy_set_header  X-Client-Timezone  $gi2_location_tz;
		proxy_set_header  Host  $host;
		proxy_set_header  Scheme  $scheme;
	}


	location =/filelist {
		alias  $http_root/shared/radio_filelist.html;

		default_type  text/html;
	}

	location =/robots.txt {
		alias  $http_root/shared/files/radio.robots.txt;

		default_type  text/html;
	}


	location /live/ {
		proxy_pass  http://127.0.0.1:8000/;

		proxy_buffering  off;

		proxy_set_header  X-Real-IP  $remote_addr;
	}

	location /live/admin/ {
		deny  all;
	}
}

server {
	listen  8000;

	server_name  radio.arav.top;

	access_log  /var/log/nginx/dwelling/radio.http.log  main  if=$nolog;

	add_header Content-Security-Policy "default-src 'none'; script-src 'none'; style-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; frame-src 'none'; frame-ancestors 'none'; font-src 'self'; form-action 'none'";
	add_header X-Frame-Options         "DENY";
	add_header X-Content-Type-Options  "nosniff";
	add_header X-XSS-Protection        "1; mode=block";
	add_header Onion-Location          "http://mkgnmhmzqm7kyzv7jnzzafvgm7xlmlfvzhgorpapd5or2arnhuktqd.onion/live$request_uri";


	location / {
		proxy_pass       http://127.0.0.1:8000/;
		proxy_buffering  off;
	}

	location /admin/ {
		deny all;
	}
}