user www-data;
worker_processes auto;
pid /run/nginx.pid;

# Send logs to Docker
error_log /dev/stderr warn;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 4096;
    multi_accept on;
}

http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    server_tokens off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Custom headers
    more_set_headers "Server: Laravel Proxy";
    more_set_headers "X-Powered-By: Laravel Proxy";

    # Security headers (safe behind Traefik)
    more_set_headers "X-Frame-Options: SAMEORIGIN";
    more_set_headers "X-Content-Type-Options: nosniff";
    more_set_headers "Referrer-Policy: no-referrer-when-downgrade";
    more_set_headers "X-XSS-Protection: 1; mode=block";
    more_set_headers "Permissions-Policy: geolocation=(), microphone=(), camera=()";

    # Gzip
    gzip on;
    gzip_comp_level 5;
    gzip_min_length 256;
    gzip_vary on;
    gzip_types
        text/plain text/css text/xml application/json application/javascript
        application/x-javascript application/xml application/xml+rss
        font/ttf font/otf image/svg+xml;

    # Real IP from Traefik
    set_real_ip_from 0.0.0.0/0;
    real_ip_header X-Forwarded-For;
    real_ip_recursive on;

    # Buffers & timeouts for Laravel
    client_max_body_size 50M;
    client_body_buffer_size 128k;
    client_header_timeout 30s;
    client_body_timeout 30s;
    send_timeout 30s;

    # FastCGI settings for PHP (Laravel)
    fastcgi_read_timeout 300;
    fastcgi_buffers 16 16k;
    fastcgi_buffer_size 32k;

    # Logging (to Docker)
    access_log /dev/stdout;

    # Cache static assets aggressively (ideal for Laravel mix/vite builds)
    map $sent_http_content_type $static_expires {
        default off;
        ~*image/ 30d;
        ~*font/ 30d;
        ~*text/css 30d;
        ~*javascript 30d;
    }

    proxy_headers_hash_max_size 1024;
    proxy_headers_hash_bucket_size 128;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}