server {
  listen 80;
  
  # Allow large uploads (50MB)
  client_max_body_size 50M;
  
  # API proxy to image-uploader-backend service
  location /upload {
    proxy_pass http://image-uploader-backend:5000;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    
    # Allow large uploads for API too
    client_max_body_size 50M;
  }
  
  # API routes for new multi-upload features
  location /api/upload {
    proxy_pass http://image-uploader-backend:5000/upload;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    
    # Allow large uploads for batch upload
    client_max_body_size 100M;
  }

  # API - Groups (NO PASSWORD PROTECTION)
  location /api/groups {
    proxy_pass http://image-uploader-backend:5000/groups;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
  
  # Protected API - Moderation API routes (password protected) - must come before /groups
  location /moderation/groups {
    auth_basic "Restricted Area - Moderation API";
    auth_basic_user_file /etc/nginx/.htpasswd;
    
    proxy_pass http://image-uploader-backend:5000/moderation/groups;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
  
  # API - Groups API routes (NO PASSWORD PROTECTION)
  location ~ ^/groups/[a-zA-Z0-9_-]+(/.*)?$ {
    proxy_pass http://image-uploader-backend:5000;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
  
  location /download {
    proxy_pass http://image-uploader-backend:5000;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
  
  # Frontend page - Groups overview (NO PASSWORD PROTECTION)
  location /groups {
    root   /usr/share/nginx/html;
    index  index.html index.htm;
    try_files $uri $uri/ /index.html;
    expires -1;
    
    # Prevent indexing
    add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive" always;
  }
  
  # Protected routes - Moderation (password protected)
  location /moderation {
    auth_basic "Restricted Area - Moderation";
    auth_basic_user_file /etc/nginx/.htpasswd;
    
    root   /usr/share/nginx/html;
    index  index.html index.htm;
    try_files $uri $uri/ /index.html;
    expires -1;
    
    # Prevent indexing
    add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive" always;
  }

  # Frontend files
  location / {
    root   /usr/share/nginx/html;
    index  index.html index.htm;
    try_files $uri $uri/ /index.html;
    expires -1; # Set it to different value depending on your standard requirements
  }
  
  error_page   500 502 503 504  /50x.html;
  location = /50x.html {
    root   /usr/share/nginx/html;
  }
}