server {
    # SLB IP
    listen 213.180.193.115:443;
    listen [2a02:6b8::115]:443;

    # Tunnel IP
    listen 5.45.202.34:443;
    listen 5.45.202.35:443;
    listen 5.45.202.36:443;
    listen 5.45.202.37:443;

    # Server IP
    listen [1::2:3:4]:443;
    listen 127.0.0.1:443;
    listen [::1]:443;


    server_name mobileproxy-yateam.passport.yandex.net;

    set $ya_consumer_client_ip $remote_addr;

    ssl on;
    ssl_certificate certs/mobileproxy.passport.yandex.net.crt;
    ssl_certificate_key certs/mobileproxy.passport.yandex.net.key;
    ssl_ciphers kEECDH+AES128:kECDH:kEDH:-3DES:kRSA+AES128:kEDH+3DES:DES-CBC3-SHA:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv2;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache shared:SSL:32m;
    ssl_session_timeout 5m;

    access_log /var/log/nginx/mobileproxy.access.log mobileproxy buffer=128k flush=5s;
    error_log /var/log/nginx/mobileproxy.error.log warn;

    location ^~ /ping {
        proxy_set_header    Host                        passport-internal.yandex-team.ru;
        proxy_set_header    Ya-Consumer-Client-Ip       $ya_consumer_client_ip;
        proxy_set_header    X-Request-Id                $request_id;
        proxy_set_header    X-YProxy-Header-Ip          $http_x_yproxy_header_ip;

        proxy_pass https://passport-internal.yandex-team.ru;
    }

    location ~ ^/1/token/?$ {
        rewrite ^/(.*)/$ /$1;
        rewrite ^/1/(.*)$ /$1 break;
        proxy_set_header    Host                        oauth-internal.yandex-team.ru;
        proxy_set_header    Ya-Consumer-Client-Ip       $ya_consumer_client_ip;
        proxy_set_header    X-Request-Id                $request_id;
        proxy_set_header    X-YProxy-Header-Ip          $http_x_yproxy_header_ip;

        antirobot_request /nocaptcha-antirobot;

        proxy_pass https://oauth-internal.yandex-team.ru;
        mirror /ysa_mirror;
    }

    location ~ ^/1/(?:revoke_token|device/code)/?$ {
        rewrite ^/(.*)/$ /$1;
        rewrite ^/1/(.*)$ /$1 break;
        proxy_set_header    Host                        oauth-internal.yandex-team.ru;
        proxy_set_header    Ya-Consumer-Client-Ip       $ya_consumer_client_ip;
        proxy_set_header    X-Request-Id                $request_id;
        proxy_set_header    X-YProxy-Header-Ip          $http_x_yproxy_header_ip;

        antirobot_request /nocaptcha-antirobot;

        proxy_pass https://oauth-internal.yandex-team.ru;
    }

    location ~ ^/1/bundle/mobile/auth/password/? {
        rewrite ^/(.*)/$ /$1;
        rewrite ^/(.*)$ /mobileproxy/$1/ break;
        proxy_set_header    Host                        passport-internal.yandex-team.ru;
        proxy_set_header    Ya-Consumer-Client-Ip       $ya_consumer_client_ip;
        proxy_set_header    X-Request-Id                $request_id;
        proxy_set_header    X-YProxy-Header-Ip          $http_x_yproxy_header_ip;

        antirobot_request /nocaptcha-antirobot;

        proxy_pass https://passport-internal.yandex-team.ru;
        mirror /ysa_mirror;
    }

    location ~ ^/(?:1/(?:user_info|suggest/country|bundle/(?:account/short_info|auth/x_token|mobile/(?:start|auth/rfc_otp)|suggest/mobile_language|oauth/token_by_sessionid))|2/bundle/mobile/start)/?$ {
        rewrite ^/(.*)/$ /$1;
        rewrite ^/(.*)$ /mobileproxy/$1/ break;
        proxy_set_header    Host                        passport-internal.yandex-team.ru;
        proxy_set_header    Ya-Consumer-Client-Ip       $ya_consumer_client_ip;
        proxy_set_header    X-Request-Id                $request_id;
        proxy_set_header    X-YProxy-Header-Ip          $http_x_yproxy_header_ip;

        antirobot_request /nocaptcha-antirobot;

        proxy_pass https://passport-internal.yandex-team.ru;
    }

    location = /ysa_mirror {
        internal;

        access_log /var/log/nginx/mobileproxy-ysa.access.log mobileproxy buffer=128k flush=5s;
        error_log /var/log/nginx/mobileproxy-ysa.error.log warn;
        log_subrequest on;

        proxy_read_timeout    3ms;
        proxy_send_timeout    1ms;
        proxy_connect_timeout 1ms;
        proxy_http_version    1.1;
        proxy_set_header      Connection "";
        proxy_set_header      X-Request-Id   $request_id;
        proxy_set_header      X-Real-IP      $remote_addr;
        proxy_set_header      X-Real-Port    $remote_port;
        proxy_set_header      X-Server-IP    $server_addr;
        proxy_set_header      X-Server-Port  $server_port;
        proxy_pass http://ysa$request_uri;
    }

    include /etc/nginx/conf.d/antirobot_locations;

    location / {
        return 404;
    }
}
