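#!/usr/bin/env bash
#
# Create nginx configuration for reverse proxy to Node.js app.
#
# Overwrites /etc/nginx/conf.d/default.conf with:
#   - an upstream pointing at the Node.js app on 127.0.0.1:3000,
#   - a port-80 server that redirects every request to HTTPS,
#   - a port-443 TLS server that proxies / and /ping to the app and serves
#     /static/ straight from the account's public directory.
#
# Inputs (shell variables; nothing in this script sets them, so they are
# presumably exported by the caller - confirm):
#   domain       primary server_name                         (required)
#   serveralias  extra server_name entries, may be empty     (optional)
#   user         account whose home holds logs and app files (required)
set -euo pipefail

# Fail before touching the live config: with an empty $domain or $user the
# heredoc below would still be written, producing "server_name  ;" and
# paths such as /home//logs/nginx/access.log.
: "${domain:?domain must be set}"
: "${user:?user must be set}"
serveralias=${serveralias:-}

# NOTE(review): $domain, $serveralias and $user are interpolated verbatim into
# a config that nginx loads as root. Confirm the caller restricts them to
# hostname / account-name characters (no whitespace beyond the alias
# separator, no ';', '{', '}' or '/').
#
# NOTE(review): X-Forwarded-Proto and X-CLIENT-IP are copied from the incoming
# request headers. Unless a trusted front proxy sets or strips them, they are
# client-controlled, so the backend must not rely on them for scheme or
# source-address decisions. If nginx is the edge, "\$scheme" is the usual value
# for X-Forwarded-Proto and X-CLIENT-IP should be overwritten or dropped.
#
# NOTE(review): the certificate and key paths look like the distribution's
# default localhost pair - confirm they are replaced by a certificate issued
# for $domain.
#
# NOTE(review): access/error logs live under /home/$user. If that directory is
# writable by the account, log files opened by the nginx master process are a
# symlink risk - confirm ownership and mode of /home/$user/logs/nginx.
#
# The file is replaced in place; validate with "nginx -t" before reloading.
#
# Heredoc delimiter is unquoted on purpose: shell variables expand, nginx
# variables are escaped as \$name so they reach the config literally.
cat > /etc/nginx/conf.d/default.conf << EOF
upstream nodejs_backend {
    server 127.0.0.1:3000;
}

server {
    listen 80;
    server_name $domain $serveralias;

    # Redirect HTTP to HTTPS
    return 301 https://\$server_name\$request_uri;
}

server {
    listen 443 ssl http2;
    server_name $domain $serveralias;

    ssl_certificate /etc/pki/tls/certs/localhost.crt;
    ssl_certificate_key /etc/pki/tls/private/localhost.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;

    access_log /home/$user/logs/nginx/access.log;
    error_log /home/$user/logs/nginx/error.log;

    location / {
        proxy_pass http://nodejs_backend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$http_x_forwarded_proto;
        proxy_set_header X-CLIENT-IP \$http_x_client_ip;
        proxy_cache_bypass \$http_upgrade;
    }

    location /ping {
        proxy_pass http://nodejs_backend/ping;
        access_log off;
    }

    # Static files
    location /static/ {
        alias /home/$user/app/public/;
        expires 30d;
        add_header Cache-Control "public, immutable";
    }
}
EOF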