# HTTP server configuration
server {
    listen       80;
    listen  [::]:80;
    server_name  ${NGINX_HOST};

    # Redirect all incoming requests to HTTPS
    return 301 https://$host:${NGINX_HTTPS_PORT}$request_uri;
}

# HTTPS server configuration
server {
    listen       443 ssl;
    listen  [::]:443 ssl;
    server_name  ${NGINX_HOST};

    # SSL settings
    ssl_certificate     ${SSL_CERT_PATH};
    ssl_certificate_key ${SSL_CERT_KEY_PATH};

    # Optional: SSL session settings and ciphers (adjust as required)
    # ssl_session_cache   shared:SSL:10m;
    # ssl_session_timeout 10m;
    # ssl_ciphers         HIGH:!aNULL:!MD5;
    # ssl_prefer_server_ciphers on;

    location /api/ {
        proxy_pass         http://${NGINX_INTERNAL_HOST}:5000/api/;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }

    location /minio/ {
        proxy_pass         http://${NGINX_INTERNAL_HOST}:9001/;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }

    # Reverse proxy for the UI and default catch-all
    location / {
        proxy_pass         http://${NGINX_INTERNAL_HOST}:3000/;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}