From 3ffc1056c788100b6a563cedc0a6e5e006a958e1 Mon Sep 17 00:00:00 2001
From: Carlos Schneider <carlosaschjr@gmail.com>
Date: Wed, 17 May 2017 10:28:48 -0300
Subject: [PATCH 1/2] Follows the NGINX Breaking Changes suggestion on
 Mattermost Changelog

---
 web/mattermost     | 27 ++++++++++++++++++++++-----
 web/mattermost-ssl | 31 +++++++++++++++++++++++++------
 2 files changed, 47 insertions(+), 11 deletions(-)

diff --git a/web/mattermost b/web/mattermost
index 0c428ac..72fa28d 100644
--- a/web/mattermost
+++ b/web/mattermost
@@ -6,17 +6,34 @@ map $http_x_forwarded_proto $proxy_x_forwarded_proto {
 server {
     listen 80;
 
-    location / {
-        gzip off;
-
-        client_max_body_size 50M;
+    location ~ /api/v[0-9]+/(users/)?websocket$ {
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
+        client_max_body_size 50M;
         proxy_set_header Host $http_host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
+        proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header X-Frame-Options SAMEORIGIN;
+        proxy_buffers 256 16k;
+        proxy_buffer_size 16k;
+        proxy_read_timeout 600s;
+        proxy_pass http://app:80;
+    }
+
+    location / {
+        gzip on;
+
+        client_max_body_size 50M;
+        proxy_set_header Connection "";
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Frame-Options SAMEORIGIN;
+        proxy_buffers 256 16k;
+        proxy_buffer_size 16k;
+        proxy_read_timeout 600s;
         proxy_pass http://app:80;
     }
 }
diff --git a/web/mattermost-ssl b/web/mattermost-ssl
index 101ab2e..3a6d18f 100644
--- a/web/mattermost-ssl
+++ b/web/mattermost-ssl
@@ -10,7 +10,7 @@ map $http_x_forwarded_proto $proxy_x_forwarded_proto {
 }
 
 server {
-    listen 443;
+    listen 443 ssl http2;
 
     ssl on;
     ssl_certificate /cert/cert.pem;
@@ -20,18 +20,37 @@ server {
     ssl_ciphers HIGH:MEDIUM:!SSLv2:!PSK:!SRP:!ADH:!AECDH;
     ssl_prefer_server_ciphers on;
 
-    location / {
-        gzip off;
+    location ~ /api/v[0-9]+/(users/)?websocket$ {
+        proxy_set_header Upgrade $http_upgrade;
         proxy_set_header X-Forwarded-Ssl on;
+        proxy_set_header Connection "upgrade";
 
         client_max_body_size 50M;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
         proxy_set_header Host $http_host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
+        proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header X-Frame-Options SAMEORIGIN;
+        proxy_buffers 256 16k;
+        proxy_buffer_size 16k;
+        proxy_read_timeout 600s;
+        proxy_pass http://app:80;
+    }
+
+    location / {
+        gzip on;
+        proxy_set_header X-Forwarded-Ssl on;
+
+        client_max_body_size 50M;
+        proxy_set_header Connection "";
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Frame-Options SAMEORIGIN;
+        proxy_buffers 256 16k;
+        proxy_buffer_size 16k;
+        proxy_read_timeout 600s;
         proxy_pass http://app:80;
     }
 }

From 15e7a9cd589b49428a33849288b417f052e4df06 Mon Sep 17 00:00:00 2001
From: Carlos Schneider <carlosaschjr@gmail.com>
Date: Fri, 2 Jun 2017 10:19:04 -0300
Subject: [PATCH 2/2] Fix X-Forwarded-Proto (PR suggestion)

---
 web/mattermost     | 4 ++--
 web/mattermost-ssl | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/web/mattermost b/web/mattermost
index 72fa28d..ee9dc8d 100644
--- a/web/mattermost
+++ b/web/mattermost
@@ -13,7 +13,7 @@ server {
         proxy_set_header Host $http_host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
         proxy_set_header X-Frame-Options SAMEORIGIN;
         proxy_buffers 256 16k;
         proxy_buffer_size 16k;
@@ -29,7 +29,7 @@ server {
         proxy_set_header Host $http_host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
         proxy_set_header X-Frame-Options SAMEORIGIN;
         proxy_buffers 256 16k;
         proxy_buffer_size 16k;
diff --git a/web/mattermost-ssl b/web/mattermost-ssl
index 3a6d18f..9ef7cd0 100644
--- a/web/mattermost-ssl
+++ b/web/mattermost-ssl
@@ -29,7 +29,7 @@ server {
         proxy_set_header Host $http_host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
         proxy_set_header X-Frame-Options SAMEORIGIN;
         proxy_buffers 256 16k;
         proxy_buffer_size 16k;
@@ -46,7 +46,7 @@ server {
         proxy_set_header Host $http_host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
         proxy_set_header X-Frame-Options SAMEORIGIN;
         proxy_buffers 256 16k;
         proxy_buffer_size 16k;