# /etc/nginx/sites-available/trackaccess

# 1) Redirect plain‐HTTP → HTTPS
server {
    listen 80;
    server_name trackaccess.gallaudet.edu;
    return 301 https://$host$request_uri;
}

# 2) HTTPS server block
server {
    listen              443 ssl http2;
    server_name         trackaccess.gallaudet.edu;

    # SSL certs (self-signed)
    ssl_certificate     /etc/ssl/certs/trackaccess.crt;
    ssl_certificate_key /etc/ssl/private/trackaccess.key;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    # Serve React build
    root  /var/www/trackaccess/frontend/dist;
    index index.html;

    # All non‐/api requests → React SPA
    location / {
        try_files $uri $uri/ /index.html;
    }

    # Proxy API calls
    location /api/ {
        proxy_pass         http://127.0.0.1:4000;
        proxy_http_version 1.1;

        # Preserve WebSocket upgrades
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection $http_connection;

        # Forward real IP & host
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;

        proxy_cache_bypass $http_upgrade;
    }

    # Optional: serve favicon/js/css from cache
    location ~* \.(?:css|js|jpg|jpeg|gif|png|ico|svg)$ {
        expires 30d;
        access_log off;
    }


  location /phpmyadmin {
    alias /usr/share/phpmyadmin;
    index index.php index.html index.htm;

    location ~ ^/phpmyadmin/(.+\.php)$ {
        alias /usr/share/phpmyadmin/$1;
        fastcgi_pass unix:/var/run/php/php8.3-fpm.sock;  # Adjust if using different PHP version
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /usr/share/phpmyadmin/$1;
        include fastcgi_params;
    }

    location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
        alias /usr/share/phpmyadmin/$1;
    }
  }

}