(repo_cors) {
	header {
		Access-Control-Allow-Origin *
		Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS"
		Access-Control-Allow-Headers "*"
		Access-Control-Allow-Credentials true
		Strict-Transport-Security "max-age=15768000"
		# Request ID tracing
		+X-Request-ID {uuid}
	}
}

(repo_common_proxy) {
	# Set headers similar to uwsgi_param
	header_up Host {host}
	header_up X-Request-ID {uuid}
	# Remove sensitive headers
	header_down -X-Session-ID
	header_down -X-User-ID
}

(repo_site) {
	import repo_cors

	# UI Server routes
	handle / {
		request_body {
			max_size 100MB
		}
		reverse_proxy repo-web-ui:5000 {
			import repo_common_proxy
		}
	}

	# API routes
	handle /api/* {
		request_body {
			max_size 100MB
		}
		reverse_proxy repo-web-api:5000 {
			import repo_common_proxy
		}
	}

	# Large file upload API routes
	handle_path /api/records/*/draft/files/*/content {
		request_body {
			max_size 250GB
		}
		encode gzip
		reverse_proxy repo-web-api:5000 {
			import repo_common_proxy
		}
	}

	handle /static/* {
		root * /opt/invenio/var/instance/static
		file_server
	}

	handle /robots.txt {
		root * /opt/invenio/var/instance/static
		file_server
	}
}