events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    
    # Logging
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                   '$status $body_bytes_sent "$http_referer" '
                   '"$http_user_agent" "$http_x_forwarded_for"';
    
    access_log /var/log/nginx/access.log main;
    error_log /var/log/nginx/error.log warn;
    
    # Gzip Settings
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types
        text/plain
        text/css
        text/xml
        text/javascript
        application/json
        application/javascript
        application/xml+rss
        application/atom+xml
        image/svg+xml;
    
    # Server Config
    server {
        listen 80;
        
        # Allow large uploads (50MB)
        client_max_body_size 50M;
        
        # API proxy to image-uploader-backend service
        location /upload {
            proxy_pass http://image-uploader-backend:5000;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            
            # Allow large uploads for API too
            client_max_body_size 50M;
        }
        
        # API routes for new multi-upload features
        location /api/upload {
            proxy_pass http://image-uploader-backend:5000/upload;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            
            # Allow large uploads for batch upload
            client_max_body_size 100M;
        }

        # API - Download original images
        location /api/download {
            proxy_pass http://image-uploader-backend:5000/download;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # API - Preview/thumbnail images (optimized for gallery views)
        location /api/previews {
            proxy_pass http://image-uploader-backend:5000/previews;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # API - Groups (NO PASSWORD PROTECTION)
        location /api/groups {
            proxy_pass http://image-uploader-backend:5000/groups;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
        
        # Protected API - Admin API routes (password protected)
        location /api/admin {
            auth_basic "Restricted Area - Admin API";
            auth_basic_user_file /etc/nginx/.htpasswd;
            
            proxy_pass http://image-uploader-backend:5000/api/admin;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
        
        # Protected API - Moderation API routes (password protected) - must come before /groups
        location /moderation/groups {
            auth_basic "Restricted Area - Moderation API";
            auth_basic_user_file /etc/nginx/.htpasswd;
            
            proxy_pass http://image-uploader-backend:5000/moderation/groups;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
        
        # API - Groups API routes (NO PASSWORD PROTECTION)
        location ~ ^/groups/[a-zA-Z0-9_-]+(/.*)?$ {
            proxy_pass http://image-uploader-backend:5000;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
        
        location /download {
            proxy_pass http://image-uploader-backend:5000;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
        
        # Frontend page - Groups overview (NO PASSWORD PROTECTION)
        location /groups {
            root   /usr/share/nginx/html;
            index  index.html index.htm;
            try_files $uri $uri/ /index.html;
            expires -1;
            
            # Prevent indexing
            add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive" always;
        }
        
        # Protected routes - Moderation (password protected)
        location /moderation {
            auth_basic "Restricted Area - Moderation";
            auth_basic_user_file /etc/nginx/.htpasswd;
            
            root   /usr/share/nginx/html;
            index  index.html index.htm;
            try_files $uri $uri/ /index.html;
            expires -1;
            
            # Prevent indexing
            add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive" always;
        }

        # Frontend files
        location / {
            root   /usr/share/nginx/html;
            index  index.html index.htm;
            try_files $uri $uri/ /index.html;
            expires -1; # Set it to different value depending on your standard requirements
        }
        
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }
    }
}