# Nginx rules for caching the notification service related static resources.
# It revalidates with upstream ever 2 mintues.

location ^~ /tunnel {
    proxy_pass $scheme://$backend;
    # Don't include queryparams in cache key.
    # This is to avoid multiple cache copies depending on
    # any queryparam change
    proxy_cache_key "$uri $http_host";
    proxy_cache $openfire_cache;
    add_header X-ReverseProxy-Cache-Status $upstream_cache_status;
    proxy_cache_revalidate on;
    proxy_cache_valid 200 302 2m;
    add_header Cache-Control "must-revalidate";
    etag on;
}

# Cache the protocol upgrade request
location /ws {
    # Allow only those connections which are made by clients from which users are already authenticated.
    rewrite_by_lua_file /usr/local/openresty/nginx/lua/block_unauthorized_users.lua;

    proxy_pass $scheme://$backend;
    # Re include common proxy headers as inherited ones will
    # be ignored if proxy_set_header is used inside block
    include ${NGX_CONF_DIR}/components/${NGX_COMP_DIR_NAME}/proxy_headers;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}
