# =============================================================================
# RecreaHUB API — Nginx Reverse Proxy Configuration
#
# Installation:
#   sudo cp setup-nginx.conf /etc/nginx/sites-available/recreahub-api
#   sudo ln -s /etc/nginx/sites-available/recreahub-api \
#              /etc/nginx/sites-enabled/recreahub-api
#   sudo nginx -t
#   sudo systemctl reload nginx
#
# For HTTPS (Let's Encrypt / Certbot):
#   sudo certbot --nginx -d api.recreahub.com.br
# =============================================================================

# ── Upstream: Node.js application (PM2 cluster on port 3000) ─────────────────
upstream recreahub_api {
    server 127.0.0.1:3000;
    keepalive 64;
}

# ── Gzip compression ─────────────────────────────────────────────────────────
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types
    text/plain
    text/css
    text/xml
    application/json
    application/javascript
    application/rss+xml
    application/atom+xml
    image/svg+xml;

# ── HTTP server (port 80) ─────────────────────────────────────────────────────
server {
    listen 80;
    listen [::]:80;

    server_name api.recreahub.com.br;

    # Maximum request body size (e.g. file uploads)
    client_max_body_size 10m;

    # ── Proxy to Node.js ──────────────────────────────────────────────────────
    location / {
        proxy_pass         http://recreahub_api;
        proxy_http_version 1.1;

        # WebSocket support
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection 'upgrade';

        # Forwarded headers
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_cache_bypass $http_upgrade;

        # Timeouts
        proxy_connect_timeout 60s;
        proxy_send_timeout    60s;
        proxy_read_timeout    60s;
    }

    # ── Health-check endpoint (internal only, optional) ───────────────────────
    location /health {
        proxy_pass         http://recreahub_api;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        access_log off;
    }
}

# =============================================================================
# HTTPS server — uncomment after running Certbot
# (certbot --nginx will fill in the certificate paths automatically)
# =============================================================================
# server {
#     listen 443 ssl http2;
#     listen [::]:443 ssl http2;
#
#     server_name api.recreahub.com.br;
#
#     # Certificate files managed by Certbot:
#     # ssl_certificate     /etc/letsencrypt/live/api.recreahub.com.br/fullchain.pem;
#     # ssl_certificate_key /etc/letsencrypt/live/api.recreahub.com.br/privkey.pem;
#     # include             /etc/letsencrypt/options-ssl-nginx.conf;
#     # ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;
#
#     client_max_body_size 10m;
#
#     location / {
#         proxy_pass         http://recreahub_api;
#         proxy_http_version 1.1;
#         proxy_set_header Upgrade    $http_upgrade;
#         proxy_set_header Connection 'upgrade';
#         proxy_set_header Host              $host;
#         proxy_set_header X-Real-IP         $remote_addr;
#         proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
#         proxy_set_header X-Forwarded-Proto $scheme;
#         proxy_cache_bypass $http_upgrade;
#     }
# }
#
# Redirect HTTP → HTTPS (enable after obtaining certificate):
# server {
#     listen 80;
#     listen [::]:80;
#     server_name api.recreahub.com.br;
#     return 301 https://$host$request_uri;
# }