	# Handle request to bbb-web running within a SpringBoot Tomcat embedded servlet container.  This is for BBB-API and Presentation.
	location /bigbluebutton {
		proxy_http_version 1.1;

		location /bigbluebutton {
			proxy_pass         http://127.0.0.1:8090;
	       		proxy_redirect     default;
        	        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;

                    # Workaround IE refusal to set cookies in iframe
                    add_header P3P 'CP="No P3P policy available"';
		}


		location ~ "^\/bigbluebutton\/presentation\/(?<prestoken>[a-zA-Z0-9_-]+)/upload$" {
			proxy_pass         http://127.0.0.1:8090;
			proxy_redirect     default;
			proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;

			# Workaround IE refusal to set cookies in iframe
			add_header P3P 'CP="No P3P policy available"';

			# high limit for presentation as bbb-web will reject upload if larger than configured
			client_max_body_size       1000m;
			client_body_buffer_size    128k;

			proxy_connect_timeout      90;
			proxy_send_timeout         90;
			proxy_read_timeout         90;

		        proxy_buffer_size          4k;
		        proxy_buffers              4 32k;
		        proxy_busy_buffers_size    64k;
		        proxy_temp_file_write_size 64k;

		        include    fastcgi_params;

			proxy_request_buffering off;

			# Send a sub-request to allow bbb-web to refuse before loading
			# If file is larger than configured bbb-web will return with code 403 and Header: x-file-too-large = 1
			auth_request /bigbluebutton/presentation/checkPresentation;
			error_page 403 = @error403;
			auth_request_set $file_too_large_header $upstream_http_x_file_too_large;

		}

		location /bigbluebutton/presentation/download {
			return 404;
		}

		location ~ "^/bigbluebutton/presentation/download\/[0-9a-f]+-[0-9]+/[0-9a-f]+-[0-9]+$" {
			if ($arg_presFilename !~ "^[0-9a-f]+-[0-9]+\.[0-9a-zA-Z]+$") {
				return 404;
			}
			proxy_pass         http://127.0.0.1:8090$uri$is_args$args;
			proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
			# Workaround IE refusal to set cookies in iframe
			add_header P3P 'CP="No P3P policy available"';
		}

		location = /bigbluebutton/presentation/checkPresentation {
			proxy_pass         http://127.0.0.1:8090;
	       		proxy_redirect     default;
        	        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;

			proxy_set_header        X-Presentation-Token $prestoken;
			proxy_set_header        X-Original-URI $request_uri;
			proxy_set_header	Content-Length "";
			proxy_set_header	X-Original-Content-Length $http_content_length;
			proxy_set_header	X-Original-Method $request_method;

			# high limit for presentation as bbb-web will reject upload if larger than configured
			client_max_body_size       1000m;
			client_body_buffer_size    128k;

			proxy_pass_request_body off;
			proxy_request_buffering off;

		}

		# To check connection authentication, include:
		#   auth_request /bigbluebutton/connection/checkAuthorization;
		#   auth_request_set $auth_status $upstream_status;
		#
		# and make sure to add sessionToken param in the request URI
		location = /bigbluebutton/connection/checkAuthorization {
			internal;
			proxy_pass               http://127.0.0.1:8090;
			proxy_pass_request_body  off;
			proxy_set_header         Content-Length "";
			proxy_set_header         X-Original-URI $request_uri;
		}

		location = /bigbluebutton/connection/checkGraphqlAuthorization {
			internal;
			proxy_pass               http://127.0.0.1:8090;
			proxy_pass_request_body  off;
			proxy_set_header         Content-Length "";
			proxy_set_header         X-Original-URI $request_uri;
			# this is required for CORS preflight checks in cluster setup
			proxy_set_header        X-Original-Method $request_method;
		}

		location = /bigbluebutton/connection/legacyCheckAuthorization {
			internal;
			proxy_pass               http://127.0.0.1:8090;
			proxy_pass_request_body  off;
			proxy_set_header         Content-Length "";
			proxy_set_header         X-Original-URI $request_uri;
		}

		location = /bigbluebutton/connection/validatePad {
			internal;
			proxy_pass               http://127.0.0.1:8090;
			proxy_pass_request_body  off;
			proxy_set_header         Content-Length "";
			proxy_set_header         X-Original-URI $request_uri;
		}

        location ~ "^/bigbluebutton\/textTrack\/(?<textTrackToken>[a-zA-Z0-9]+)\/(?<recordId>[a-zA-Z0-9_-]+)\/(?<textTrack>.+)$" {
            # Workaround IE refusal to set cookies in iframe
            add_header P3P 'CP="No P3P policy available"';

            # Allow 30M uploaded presentation document.
            client_max_body_size       30m;
            client_body_buffer_size    128k;

            proxy_connect_timeout      90;
            proxy_send_timeout         90;
            proxy_read_timeout         90;

            proxy_buffer_size          4k;
            proxy_buffers              4 32k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;

            include    fastcgi_params;

            proxy_request_buffering off;

            # Send a sub-request to allow bbb-web to refuse before loading
            auth_request /bigbluebutton/textTrack/validateAuthToken;

            default_type text/plain;
            alias    /var/bigbluebutton/captions/$recordId/$textTrack;

        }

        location = /bigbluebutton/textTrack/validateAuthToken {
            internal;
            proxy_pass         http://127.0.0.1:8090;
            proxy_redirect     default;
            proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;

            proxy_set_header        X-textTrack-token $textTrackToken;
            proxy_set_header        X-textTrack-recordId $recordId;
            proxy_set_header        X-textTrack-track $textTrack;
            proxy_set_header        X-Original-URI $request_uri;
        }

        location /bigbluebutton/rtt-check {
            default_type text/plain;
            add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
            add_header Pragma "no-cache";
            add_header Expires "0";
            add_header X-Server-Epoch-Msec $msec;
            add_header X-Request-Id $request_id;

            # this Header is required for cluster setups as the ping check is a
            # CORS request. No cookies are required so we can just allow anyone
            # to use this endpoint.
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Expose-Headers' 'X-Server-Epoch-Msec,X-Request-Id';
            return 200 "";
        }

	}

	location @error403 {
            if ($file_too_large_header = '1') {
                    return 413;
            }

            return 403;
	}
