# SignalR WebSocket upgrade. The /hubs/ block below sets the "Connection" header
# to this variable: "upgrade" when the client sends an Upgrade header (WebSocket),
# "close" otherwise (long-polling). nginx has no built-in $connection_upgrade, so
# it MUST be defined here in the http context or nginx fails config test on start
# ([emerg] unknown "connection_upgrade" variable) and keeps the old config.
map $http_upgrade $connection_upgrade {
  default upgrade;
  ''      close;
}

server {
  listen 80;
  server_name _;

  # Docker's embedded DNS. Using a variable for the upstream below forces nginx
  # to re-resolve via this resolver instead of caching the container IP at
  # startup — so api/app can be recreated (new IPs on redeploy) without nginx
  # holding a stale IP and returning 502.
  resolver 127.0.0.11 valid=10s ipv6=off;

  # API -> api container. The SPA calls same-origin /api/... (environment.prod.ts).
  location /api/ {
    # nginx defaults to 1 MB, which 413s phone-camera receipt uploads before they
    # reach the API. Keep this >= the largest API [RequestSizeLimit] (offerings = 50 MB)
    # so the per-endpoint limits in the controllers stay the real authority.
    client_max_body_size 50m;

    set $upstream_api api;
    proxy_pass         http://$upstream_api:8080$request_uri;
    proxy_set_header   Host $host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto $scheme;
  }
  
  # SignalR hubs -> api container. Must be proxied to Kestrel like /api/; without
  # this block /hubs/* fell through to "location /" (the static app), whose nginx
  # 405s the negotiate POST so the connection never reaches the backend. The
  # Upgrade/Connection headers + http_version 1.1 let the WebSocket transport
  # establish instead of degrading to long-polling.
  location /hubs/ {
    set $upstream_api api;
    proxy_pass         http://$upstream_api:8080$request_uri;
    proxy_http_version 1.1;
    proxy_set_header   Upgrade $http_upgrade;
    proxy_set_header   Connection $connection_upgrade;
    proxy_set_header   Host $host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_buffering    off;
    proxy_read_timeout 100s;
  }

  # Everything else -> the Angular static app (its own nginx does SPA fallback).
  location / {
    set $upstream_app app;
    proxy_pass http://$upstream_app:80;
  }
}