# HTTP configuration
# -- Redirect all HTTP requests to HTTPS port
server {
	listen 80; # HTTP port
	server_name s3.systemsobscure.net;
	location / {
		return 301 https://$host$request_uri; # Variable is a placeholder for all requests to the server name
	}
}

# HTTPS configuration 

server {
	listen 443 ssl;
	server_name s3.systemsobscure.net;

  client_max_body_size 100M; # Allow large image uploads

	# SSL configuration
	ssl_certificate /etc/letsencrypt/live/systemsobscure.net/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/systemsobscure.net/privkey.pem;

	# Security headers
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    
	# Proxy Configuration
  location / {
		proxy_pass http://172.18.0.1:3900;
		proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

		# CORS headers for web access
    add_header Access-Control-Allow-Origin *;
		add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
    add_header Access-Control-Allow-Headers "Authorization, Content-Type";
        
    # Handle preflight requests
    if ($request_method = 'OPTIONS') {
			return 204;
    }
  }
}