# This is almost-entirely the default.conf that
# comes with the base image. The only change is the
# addition of a proxy_pass statement at the end to
# forward any requests to `/analytics` on to Google
# Analytics, and the supporting `upstream` directive -
# see the blog post in the commit that
# introduced this for more explanation.


# https://stackoverflow.com/a/66703673/1040915
upstream ga {
    # Note that this is hard-coded - I'm hosting this blog in
    # a network that is served by a Pi-hole, so if I just
    # put the domain name (`www.google-analytics.com`), it
    # wouldn't resolve.
    #
    # If Google Analytics ever changes their IP, this
    # hard-coded value would need to change.
    server 142.250.189.238:443;
    #server www.google-analytics.com:443;
    #
    # If you want to see the payload being sent, replace with the following:
    #server some.server.you.control:<port_number>;
    # and run this: https://gist.githubusercontent.com/mdonkers/63e115cc0c79b4f6b8b3a6b797e485c7/raw/a6a1d090ac8549dac8f2bd607bd64925de997d40/server.py
    # (you probably want to change the `proxy_pass` directive to write to
    # an `http://` scheme address, too)
}

server {
    listen       8080;
    server_name  localhost;

    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}

    # https://www.freecodecamp.org/news/save-your-analytics-from-content-blockers-7ee08c6ec7ee/
    # https://stackoverflow.com/a/32543398/1040915
    location /analytics {
        # The below is the example, but we don't need this because we know there will be no query-string params
        # In particular, our option also removes the trailing `/` from the call to analytics (that is, we
        # call `/collect?uip=...` rather than `collect/?uip=...`) - the latter results in a 404
        #rewrite ^/analytics/?(.*) /collect/$1?uip=$remote_addr break;
        rewrite ^/analytics /collect?uip=$remote_addr break;
        # This Host header is important! Without it, Google will 404
        proxy_set_header Host www.google-analytics.com;
        proxy_set_header Connection keep-alive;
        proxy_set_header Sec-Fetch-Dest empty;
        proxy_set_header Sec-Fetch-Mode no-cors;
        proxy_set_header Sec-Fetch-Site cross-site;
        proxy_pass https://ga$uri$is_args$args;
    }
    rewrite_log on;

}