# ─── Nginx — Proxy reverso para a API AutoGest ───────────────────────────────
# Coloque este bloco dentro de /etc/nginx/sites-available/autogest-api
# e ative com: ln -s /etc/nginx/sites-available/autogest-api /etc/nginx/sites-enabled/
#
# Pré-requisito: SSL gerado com Certbot
#   sudo apt install certbot python3-certbot-nginx
#   sudo certbot --nginx -d api.SEU-DOMINIO.com.br
#
# Depois, os HTMLs devem usar:
#   const API_URL = 'https://api.SEU-DOMINIO.com.br';
# ─────────────────────────────────────────────────────────────────────────────

server {
    listen 80;
    server_name api.SEU-DOMINIO.com.br;

    # Redireciona tudo para HTTPS
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name api.SEU-DOMINIO.com.br;

    # Certificado SSL (gerado pelo Certbot)
    ssl_certificate     /etc/letsencrypt/live/api.SEU-DOMINIO.com.br/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/api.SEU-DOMINIO.com.br/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    location / {
        proxy_pass         http://127.0.0.1:3001;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade        $http_upgrade;
        proxy_set_header   Connection     'upgrade';
        proxy_set_header   Host           $host;
        proxy_set_header   X-Real-IP      $remote_addr;
        proxy_cache_bypass $http_upgrade;

        # CORS preflight
        add_header 'Access-Control-Allow-Origin'  '*' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
        add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization' always;
        if ($request_method = 'OPTIONS') { return 204; }
    }
}