limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;

server {
  listen          80 default_server;
  server_name     secretbee.buzz;
  limit_req zone=mylimit burst=20;

  location / {
    return 301 https://$host$request_uri;
  }
}

server {
  listen         443 ssl;
  listen [::]:443 ssl http2;
  server_name    secretbee.buzz;

  limit_req zone=mylimit burst=20;

  root /var/www;

  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

  ssl_certificate     /etc/letsencrypt/live/secretbee.buzz/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/secretbee.buzz/privkey.pem;
  ssl_protocols       TLSv1.2 TLSv1.3;
  ssl_ciphers         HIGH:!aNULL:!MD5;

  location /.well-known/matrix/server {
      default_type application/json;
      add_header Access-Control-Allow-Origin "*";
      return 200 '{"m.server": "matrix.secretbee.buzz:443"}';
  }

  location /.well-known/matrix/client {
      default_type application/json;
      add_header Access-Control-Allow-Origin "*";
      return 200 '{"m.homeserver": {"base_url": "https://matrix.secretbee.buzz"}, "org.matrix.msc3575.proxy": {"url": "https://matrix.secretbee.buzz"}}';
  }

  # Matrix Support contact information (MSC1929)
  location /.well-known/matrix/support {
      default_type application/json;
      add_header Access-Control-Allow-Origin "*";
      return 200 '{"contacts": [{"matrix_id": "@admin:secretbee.buzz", "email_address": "admin@server.name", "role": "m.role.admin"}]}';
  }

  location / {
    default_type "text/html";
    try_files  $uri $uri.html $uri/index.html index.html;
  }

  location /siri {
    return 301 https://gallery.secretbee.buzz/s/siri;
  }
}