events {}

http {
    # ── Compression ──────────────────────────────────────────────────────────────
    gzip on;
    gzip_types text/plain text/css text/javascript application/javascript application/json image/svg+xml;
    gzip_min_length 1024;
    gzip_vary on;

    # ── Upstreams ─────────────────────────────────────────────────────────────────
    upstream estore {
        server estore:3000;
    }

    upstream main_site {
        server main-site:3050;
    }

    upstream gallery {
        server gallery-backend:5000;
    }

    server {
        listen 80;
        server_name _;

        client_max_body_size 20m;

        # ── Security headers ─────────────────────────────────────────────────────
        add_header X-Frame-Options        "SAMEORIGIN"                      always;
        add_header X-Content-Type-Options "nosniff"                         always;
        add_header Referrer-Policy        "strict-origin-when-cross-origin" always;

        # ── Redirect old color-picker URL ────────────────────────────────────────
        location ~ ^/color-picker(/.*)?$ { return 301 /color$1; }

        # ── Redirects for legal pages (moved from main site into estore) ─────────
        location = /privacy  { return 301 /shop/privacy; }
        location = /privacy/ { return 301 /shop/privacy; }
        location = /terms    { return 301 /shop/terms;   }
        location = /terms/   { return 301 /shop/terms;   }
        location = /refund   { return 301 /shop/refund;  }
        location = /refund/  { return 301 /shop/refund;  }

        # ── Gallery API and uploaded images ──────────────────────────────────────
        location ^~ /photos {
            proxy_pass         http://gallery;
            proxy_http_version 1.1;
            proxy_set_header   Host              $host;
            proxy_set_header   X-Real-IP         $remote_addr;
            proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
        }

        location ^~ /uploads {
            proxy_pass         http://gallery;
            proxy_http_version 1.1;
            proxy_set_header   Host              $host;
            proxy_set_header   X-Real-IP         $remote_addr;
            proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
        }

        # ── eStore: /shop and everything under it ────────────────────────────────
        location ^~ /shop {
            proxy_pass         http://estore;
            proxy_http_version 1.1;
            proxy_set_header   Host              $host;
            proxy_set_header   X-Real-IP         $remote_addr;
            proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
        }

        # ── Main site: everything else ───────────────────────────────────────────
        location / {
            proxy_pass         http://main_site;
            proxy_http_version 1.1;
            proxy_set_header   Host              $host;
            proxy_set_header   X-Real-IP         $remote_addr;
            proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
        }
    }
}