upstream hydra_public_api {
        server hydra:4444;
        server hydra:4444;
}
upstream hydra_admin_api {
        server hydra:4445;
        server hydra:4445;
}
upstream frontend {
    server front:3000;
    server front:3000;
}

server {
    listen 80;
    server_name oauth2.logidex.ru;
    location ~ ^/(admin|clients|keys|health|metrics|version|oauth2/auth/requests|oauth2/introspect|oauth2/flush)/? {
      set $allow 0;
      if ($remote_addr ~* "172.28.0.*") {
        set $allow 1;
      }
      if ($arg_secret = "CHANGE-ME-INSECURE-PASSWORD") {
        set $allow 1;
      }
      if ($http_x_secret = "CHANGE-ME-INSECURE-PASSWORD") {
          set $allow 1;
      }
      if ($allow = 0) {
        return 403;
      }

      proxy_pass http://hydra_admin_api;
      proxy_redirect    off;
      proxy_set_header  Host               $host;
      proxy_set_header  X-Real-IP          $remote_addr;
      proxy_set_header  X-Forwarded-For    $proxy_add_x_forwarded_for;
      proxy_set_header  X-Forwarded-Proto  $http_x_forwarded_proto;
    }

    location ~ ^/(.well-known|oauth2/auth|oauth2/token|oauth2/sessions|oauth2/revoke|oauth2/fallbacks/consent|oauth2/fallbacks/error|userinfo)/? {
          proxy_pass http://hydra_public_api;
          proxy_redirect    off;
          proxy_set_header  Host              $host;
          proxy_set_header  X-Real-IP         $remote_addr;
          proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
          proxy_set_header  X-Forwarded-Proto $http_x_forwarded_proto;
    }
}

server {
    listen 80;
    server_name id.logidex.ru;

    location / {
        proxy_pass http://frontend;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}