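# Include upstream configuration. The upstream group "port_nimara_backend"
# used by every proxy_pass below is expected to be defined in this file.
include /etc/nginx/conf.d/upstream.conf;

# Port 80: redirect everything to HTTPS.
server {
    # This server-level return runs in the rewrite phase, before location
    # matching. For Host "client.portnimara.dev" the two locations below are
    # therefore never reached over plain HTTP; ACME HTTP-01 requests get the
    # 301 and are answered by the HTTPS server block.
    if ($host = client.portnimara.dev) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    client_max_body_size 64M;
    listen 80;
    server_name client.portnimara.dev;

    # NOTE(review): $host is taken from the request, so if this block is also
    # the default server for port 80, a request with another Host value is
    # redirected to that value. Redirecting to the literal server name would
    # avoid that - confirm whether other names are expected here.
    location / {
        return 301 https://$host$request_uri;
    }

    location ^~ /.well-known/acme-challenge/ {
        alias /var/www/html/.well-known/acme-challenge/;
        default_type "text/plain";
        allow all;
    }
}

# Port 443: TLS termination and reverse proxy to the backend upstream.
server {
    client_max_body_size 64M;

    # Timeout configurations to prevent 502 errors
    proxy_connect_timeout 300s;
    proxy_send_timeout 300s;
    proxy_read_timeout 300s;
    send_timeout 300s;

    # Client timeout settings
    # NOTE(review): these bound how long a client may take to send its
    # headers and body and do not affect upstream 502s. 300s lets idle or
    # slow connections hold a worker slot for five minutes each; consider a
    # lower value together with connection limits if slow clients are not
    # a requirement.
    client_body_timeout 300s;
    client_header_timeout 300s;

    # Buffer settings to handle larger responses
    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;
    proxy_temp_file_write_size 256k;

    # Keepalive settings
    keepalive_timeout 65;
    keepalive_requests 100;

    listen 443 ssl http2;
    server_name client.portnimara.dev;

    # NOTE(review): no ssl_protocols / ssl_ciphers are set in this block;
    # confirm they are pinned at http level or in an included file.
    ssl_certificate /etc/letsencrypt/live/client.portnimara.dev/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/client.portnimara.dev/privkey.pem; # managed by Certbot

    # Error pages
    error_page 502 503 504 /error-502.html;
    location = /error-502.html {
        root /etc/nginx/error-pages;
        internal;    # only reachable through error_page, not by direct request
    }

    # Health check endpoint. It is still proxied to the backend, but with
    # short timeouts and no retry so that a failing backend is reported
    # quickly instead of being masked.
    # NOTE(review): reachable by any client; add allow/deny rules if only the
    # monitoring system should call it.
    location = /api/health {
        proxy_pass http://port_nimara_backend;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Short timeout for health checks
        proxy_connect_timeout 5s;
        proxy_send_timeout 5s;
        proxy_read_timeout 5s;

        # Don't retry health checks
        proxy_next_upstream off;
    }

    location / {
        proxy_pass http://port_nimara_backend;
        proxy_http_version 1.1;

        # Headers
        proxy_set_header Host $host;
        # Exactly one X-Real-IP, taken from the TCP peer address, as in the
        # other locations. Do not also forward $http_cf_connecting_ip under
        # this name: it is a request header, so any client that reaches this
        # server directly can set it, and the backend would receive two
        # X-Real-IP values with one of them client-chosen. If the site sits
        # behind a CDN, recover the client address with the realip module
        # (set_real_ip_from limited to the CDN's published ranges, plus
        # real_ip_header) so $remote_addr itself is corrected.
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent; the backend should trust only the last entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        # NOTE(review): "upgrade" is sent on every request, not only on
        # WebSocket handshakes, which also prevents upstream keepalive. The
        # usual pattern is a map on $http_upgrade at http level.
        proxy_set_header Connection "upgrade";

        # Disable buffering for real-time responses
        proxy_request_buffering off;
        proxy_buffering off;

        # Apply timeout settings
        proxy_connect_timeout 300s;
        proxy_send_timeout 300s;
        proxy_read_timeout 300s;

        # Retry logic for better resilience
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
        proxy_next_upstream_tries 3;
        proxy_next_upstream_timeout 10s;

        # Add custom header to track retries
        # NOTE(review): this is returned to every client and reveals upstream
        # status codes and retry counts; consider logging it instead.
        add_header X-Upstream-Status $upstream_status always;
    }

    location /api/ {
        proxy_pass http://port_nimara_backend;
        proxy_http_version 1.1;

        # Headers
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Extended timeouts for API routes (webhooks, IMAP operations)
        proxy_connect_timeout 600s;
        proxy_send_timeout 600s;
        proxy_read_timeout 600s;

        # Disable buffering for API responses
        proxy_request_buffering off;
        proxy_buffering off;

        # Retry logic
        proxy_next_upstream error timeout http_502 http_503;
        proxy_next_upstream_tries 2;
        proxy_next_upstream_timeout 30s;
    }

    # Special handling for long-running email operations.
    # Regex locations are checked before the plain "/api/" prefix match, so
    # these paths use the settings below. The pattern has no end anchor, so
    # any path beginning with one of the three names matches.
    location ~ ^/api/email/(send|fetch-thread|test-connection) {
        proxy_pass http://port_nimara_backend;
        proxy_http_version 1.1;

        # Headers
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Extra long timeouts for email operations
        # NOTE(review): a connection may stay open for up to 15 minutes here;
        # confirm the application authenticates and rate-limits these routes.
        proxy_connect_timeout 900s;
        proxy_send_timeout 900s;
        proxy_read_timeout 900s;

        # Disable buffering
        proxy_request_buffering off;
        proxy_buffering off;

        # No retry for email operations (to avoid duplicates)
        proxy_next_upstream off;
    }

    # Special handling for Documenso operations
    location ~ ^/api/(email/generate-eoi-document|eoi/) {
        proxy_pass http://port_nimara_backend;
        proxy_http_version 1.1;

        # Headers
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Extended timeouts for document operations
        proxy_connect_timeout 300s;
        proxy_send_timeout 300s;
        proxy_read_timeout 300s;

        # Enable buffering for large responses
        proxy_buffering on;
        proxy_buffer_size 128k;
        proxy_buffers 8 256k;

        # Retry logic for Documenso
        proxy_next_upstream error timeout http_502 http_503;
        proxy_next_upstream_tries 3;
        proxy_next_upstream_timeout 20s;
    }

    location ^~ /.well-known/acme-challenge/ {
        alias /var/www/html/.well-known/acme-challenge/;
        default_type "text/plain";
        allow all;
    }
}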