limit_req_zone $binary_remote_addr zone=push_json:32m rate=200r/s;

map $http_host $upstream {
    default jaeger_upstream;
}

upstream jaeger_upstream {
    server localhost:16686;
}
upstream jaeger_check_upstream {
    server localhost:14269;
}
upstream auth_upstream {
    server 127.0.0.1:9090;
}

client_max_body_size    16m;
client_body_buffer_size 128k;

client_header_buffer_size   4k;
large_client_header_buffers 8 32k;

proxy_buffer_size               128k;
proxy_buffers                   16 128k;
proxy_busy_buffers_size         256k;
proxy_temp_file_write_size      256k;

log_format  debug '$time_local {"remote_addr":"$remote_addr", "status":"$status", "request":"$request", "body":"$request_body"}';

server {
    listen      80 default_server;
    listen      [::]:80 default_server;
    listen      443 ssl http2 default_server;
    listen      [::]:443 ssl http2 default_server;

    include     /etc/nginx/ssl_config;

    location =/ping-internal {
        return 200 "OK";
    }
    location =/proxy.html {
        return 200 "$hostname";
    }
    location =/balancer-ping {
        proxy_pass  http://jaeger_check_upstream/;
        proxy_redirect  off;
    }
    location / {
        return 302 https://$host$request_uri;
    }
}

server {
    listen      80;
    listen      [::]:80;
    listen      443 ssl http2;
    listen      [::]:443 ssl http2;
    server_name tracing.mon.yandex.net
                jaeger.solomon.yandex-team.ru
                jaeger.mon.yandex.net;

    include     /etc/nginx/ssl_config;

    location / {
        return 302 https://tracing.yandex-team.ru$request_uri;
    }
}

server {
    listen      443 ssl http2;
    listen      [::]:443 ssl http2;
    server_name jaeger.yandex-team.ru
                tracing.yandex-team.ru;
    include     /etc/nginx/ssl_config;
    
    add_header X-Backend "$hostname";
    add_header X-Service-Backend "$upstream_addr";

    location =/ping {
        auth_request /authdir;
        error_page 403 =200 /ping-internal;
    }
    location =/ping-internal {
        return 200 "OK";
    }
    location =/proxy.html {
        return 200 "$hostname";
    }
    location =/balancer-ping {
        proxy_pass  http://jaeger_check_upstream/;
        proxy_redirect  off;
    }

    location /authdir {
        internal;

        auth_request_set $YandexTeamLogin       $upstream_http_Burne_Yandex_Login;

        proxy_pass                              http://auth_upstream;
        proxy_set_header Host                   $http_host;
        proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto      $scheme;
        proxy_set_header X-Real-IP              $remote_addr;
        proxy_set_header X-Retpath              $http_host;
        proxy_set_header Content-Length         "";
        proxy_set_header X-Auth-All             "";
    }

    location / {
        set     $passport                       https://passport.yandex-team.ru/auth?retpath=https://$http_host$uri;
        set     $origurl                        https://$http_host$uri;

        if ( $cookie_sessionid2 = "" ) {
            return 302 $passport;
        }
        auth_request                            /authdir;
        auth_request_set $DeniedReason          $upstream_http_DeniedReason;
        auth_request_set $YandexTeamLogin       $upstream_http_Burne_Yandex_Login;

        proxy_pass                              http://$upstream;
        proxy_set_header Host                   $host;
        proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto      $scheme;
        proxy_set_header X-Real-IP              $remote_addr;
        proxy_set_header X-Retpath              $http_host;
        proxy_set_header Authorization          "";
        proxy_set_header X-Yandex-Login         $YandexTeamLogin;
        proxy_set_header X-Forwarded-User       $YandexTeamLogin;

    }

    location =/bad/401.html {
        return 200  "<html><body><h1>Error 401: Unauthorized</h1></body></html>";
    }
    location =/bad/403.html {
        return 200  "<html><body><h1>Error 403: Access denied</h1></body></html>";
    }
    location =/bad/404.html {
        return 200  "<html><body><h1>Error 404: Page not found</h1></body></html>";
    }
    location =/bad/502.html {
        return 200  "<html><body><h1>Error 502: Backends are broken</h1><br>
                Backend at $host is broken.</body></html>";
    }
    location =/bad/5xx.html {
        return 200  "<html><body><h1>Error 5XX happened: something bad happened with backends</h1><br>
                Probably, $host backend is too slow, or is failing.</body></html>";
    }
    error_page 401 /bad/401.html;
    error_page 403 /bad/403.html;
    error_page 404 /bad/404.html;
    error_page 502 /bad/502.html;
    error_page 500 503 504 /bad/5xx.html;
}
