map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}
map $http_upgrade $vs_connection_header {
    default upgrade;
    ''      $default_connection_header;
}

server {
    listen 443 ssl;
    server_name gitlab.${BASEDOMAIN} registry.${BASEDOMAIN} minio.${BASEDOMAIN};

    ssl_certificate /etc/nginx/certs/fullchain.pem;
    ssl_certificate_key /etc/nginx/certs/privkey.pem;

    location / {
        set $default_connection_header close;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $vs_connection_header;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Proto $scheme;

        resolver 127.0.0.11 valid=30s;
        set $upstream_gitlab gitlab;
        proxy_pass https://$upstream_gitlab:443;
    }
}

server {
    listen 443 ssl default_server;
    server_name _;

    ssl_certificate /etc/nginx/certs/fullchain.pem;
    ssl_certificate_key /etc/nginx/certs/privkey.pem;

    location / {
        client_max_body_size 10g;

        set $default_connection_header close;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $vs_connection_header;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Proto $scheme;

        resolver 127.0.0.11 valid=30s;
        set $upstream_gitpod gitpod;
        proxy_pass https://$upstream_gitpod:443;
    }
}