# --- 1. REDIRECTION HTTP VERS HTTPS ---
server {
    listen 80;
    server_name dev2.4nkweb.com;
    return 301 https://$host$request_uri;
}

# --- 2. CONFIGURATION HTTPS PRINCIPALE ---
server {
    listen 443 ssl;
    server_name dev2.4nkweb.com;

    # Chemins des certificats SSL
    ssl_certificate /etc/letsencrypt/live/dev2.4nkweb.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/dev2.4nkweb.com/privkey.pem;
	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_prefer_server_ciphers on;
	ssl_ciphers HIGH:!aNULL:!MD5;

    # --- LOCATION POUR VITE (Front-end + HMR WebSocket) ---
    location / {
        proxy_pass http://localhost:3003;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "Upgrade";
		proxy_set_header Host $host;
    }

    # --- LOCATION POUR L'AUTRE WEBSOCKET (port 8090) ---
	location /ws/ {
		proxy_pass http://localhost:8090;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "Upgrade";
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-NginX-Proxy true;
		proxy_read_timeout 86400;
	}

    # --- LOCATION POUR SDK_STORAGE (port 8081) ---
    location /storage/ {
		# Gestion du préflight CORS
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' '*' always;
            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;
            add_header 'Access-Control-Max-Age' 86400;
            add_header 'Content-Length' 0;
            add_header 'Content-Type' 'text/plain';
            return 204;
        }       
        # Headers CORS pour les requêtes réelles
        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
        add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;       
        rewrite ^/storage(/.*)$ $1 break;
        proxy_pass http://localhost:8081;
		proxy_http_version 1.1;
        proxy_set_header Host $host;
	}

    # --- LOCATION POUR TON API (port 8091) ---
    location /api/ {
        proxy_pass http://localhost:8091;
		proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # CORS headers
        add_header Access-Control-Allow-Origin "*" always;
        add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE" always;
        add_header Access-Control-Allow-Headers "Authorization,Content-Type,Accept,X-Requested-With" always;
    }
}