upstream auth_server {
    server auth_server:80;
}

server {
    listen 80;

    gzip on;
    gzip_min_length 1000;
    gzip_proxied any;
    gzip_comp_level 1;
    gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
    gzip_vary on;
    gzip_disable "msie6";

    include /etc/nginx/mime.types;

    # AUTHENTICATION
    error_page 401 @error401;

    location @error401 {
        add_header Cache-Control 'no-store, no-cache';
        # rewrite ^ /login?uri=$request_uri permanent;
        rewrite ^ /login permanent;
    }

    location / {
        auth_request /auth;

        root /usr/share/nginx/html;
        try_files $uri $uri/ /index.html =404;
    }


    location = /auth {
        internal;
        proxy_pass http://auth_server;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
        proxy_set_header X-Original-Remote-Addr $remote_addr;
        proxy_set_header X-Original-Host $host;
    }

    location ~ ^/(login|signin|logout|get-user) {
        proxy_pass http://auth_server;
    }

    location /download {
        auth_request /auth;
        proxy_pass $URL_DOWNLOAD;
    }
}