# Configuration HTTPS pour NGNIX
# Généré automatiquement le Fri Oct  3 17:10:13 UTC 2025

server {
    listen 80;
    server_name $NGNIX.$_4NKweb.com;
    # redirection HTTP→HTTPS pour l'externe
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name $NGNIX_DOCKER_NAME.$_4NKweb.com;

ssl_certificate     /etc/letsencrypt/live/dev4._4NKweb.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/dev4._4NKweb.com/privkey.pem;


    # réglages TLS minimaux (adapter selon politique)
    ssl_session_timeout  1d;
    ssl_protocols        TLSv1.2 TLSv1.3;
    ssl_ciphers          HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # HSTS (activer seulement si tout le domaine est en HTTPS)
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$NGNIX_https.log app_json;

    location / {
        proxy_pass http://$NGNIX_DOCKER_NAME;
        include $/etc/nginx/conf.d/proxy_headers.conf;
    }

    location /ws/ {
        proxy_pass http://$NGNIX_DOCKER_NAME;
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";
        include $/etc/nginx/conf.d/proxy_headers.conf;
        proxy_read_timeout 3600s;
    }
}