server {

        root C:/tools/nginx-NGINX_VERSION/html/opentakserver;
        index index.html index.htm index.nginx-debian.html;
        server_name public.opentakserver.io;

        # Do not allow calls to the Marti API on port 443. Only allow them to port 8443 where
        # SSL client certificate verification is enabled
        location ~ ^/Marti {
                return 404;
        }

        # Proxy WebRTC requests to MediaMTX
        location ~ ^/webrtc(/?)(.*)$ {
                proxy_pass https://127.0.0.1:8889/$2$is_args$args;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_redirect off;

                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        # Proxy HLS requests to MediaMTX
        location ~ ^/hls(/?)(.*)$ {
                proxy_pass https://127.0.0.1:8888/$2$is_args$args;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_redirect off;

                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location /api {
                proxy_pass http://127.0.0.1:8081;
                proxy_http_version 1.1;
                proxy_set_header Host $host:443;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header X-Forwarded-Proto $scheme;
        }

        location /socket.io {
                include proxy_params;
                proxy_http_version 1.1;
                proxy_buffering off;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_pass http://127.0.0.1:8081/socket.io;
        }

        try_files $uri /index.html;
        client_max_body_size 100M;


    listen 443 ssl;
    ssl_certificate SERVER_CERT_FILE;
    ssl_certificate_key SERVER_KEY_FILE;
}

server {

        root C:/tools/nginx-NGINX_VERSION/html/opentakserver;
        index index.html index.htm index.nginx-debian.html;
        server_name opentakserver_8443;

        # Do not allow certificate enrollment on port 8443
        location /Marti/api/tls {
                return 404;
        }

        # Only allow requests to the Marti API on port 8443
        location /Marti {
                proxy_pass http://127.0.0.1:8081;
                proxy_http_version 1.1;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $remote_addr;
        }

        client_max_body_size 100M;

    # listen [::]:8443 ssl ipv6only=on;
    listen 8443 ssl;
    ssl_certificate SERVER_CERT_FILE;
    ssl_certificate_key SERVER_KEY_FILE;

    # Require client certificate verification to access the Marti API
    ssl_verify_client on;
    ssl_client_certificate CA_CERT_FILE;
}