# Admin Panel (SSL)
# server {
#     server_name ${NGINX_HOST};
#     listen [::]:443 ssl quic;
#     listen 443 ssl quic;

#     ssl_certificate /etc/letsencrypt/live/${NGINX_HOST}/fullchain.pem; # managed by Certbot
#     ssl_certificate_key /etc/letsencrypt/live/${NGINX_HOST}/privkey.pem; # managed by Certbot
#     ssl_session_cache shared:le_nginx_SSL:10m;
#     ssl_session_timeout 1440m;
#     ssl_session_tickets off;
#     ssl_protocols TLSv1.2 TLSv1.3;
#     ssl_prefer_server_ciphers off;
#     ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA";
#     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

#     location /admin {
#         proxy_pass http://taxi-admin-panel:80;
#         proxy_http_version 1.1;
#         proxy_set_header Upgrade $http_upgrade;
#         proxy_set_header Connection 'upgrade';
#         proxy_set_header Host $host;
#         proxy_cache_bypass $http_upgrade;
#     }

#     location /rider-api {
#         proxy_pass http://taxi-rider-api:3000;
#         proxy_http_version 1.1;
#         proxy_set_header Upgrade $http_upgrade;
#         proxy_set_header X-Real-IP $remote_addr;
#         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#         proxy_set_header Connection 'Upgrade';
#         proxy_set_header Host $host;
#         proxy_cache_bypass $http_upgrade;
#     }

#     location /driver-api {
#         proxy_pass http://taxi-driver-api:3000;
#         proxy_http_version 1.1;
#         proxy_set_header Upgrade $http_upgrade;
#         proxy_set_header X-Real-IP $remote_addr;
#         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#         proxy_set_header Connection 'Upgrade';
#         proxy_set_header Host $host;
#         proxy_cache_bypass $http_upgrade;
#     }

#     location /payment {
#         proxy_pass http://payment-gateways:3000;
#         proxy_http_version 1.1;
#         proxy_set_header Upgrade $http_upgrade;
#         proxy_set_header X-Real-IP $remote_addr;
#         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#         proxy_set_header Connection 'upgrade';
#         proxy_set_header Host $host;
#         proxy_cache_bypass $http_upgrade;
#     }

#     location / {
#         proxy_pass http://taxi-rider-web-app:80;
#         proxy_http_version 1.1;
#         proxy_set_header Upgrade $http_upgrade;
#         proxy_set_header Connection 'upgrade';
#         proxy_set_header Host $host;
#         proxy_cache_bypass $http_upgrade;
#     }
# }

upstream taxi-admin-panel {
    server taxi-admin-panel:80;
}

upstream taxi-rider-api {
    server taxi-rider-api:3000;
}

upstream taxi-driver-api {
    server taxi-driver-api:3000;
}

upstream taxi-admin-api {
    server taxi-admin-api:3000;
}

upstream payment-gateways {
    server payment-gateways:3333;
}

upstream taxi-rider-web-app {
    server taxi-rider-web-app:80;
}

server {
    server_name ${NGINX_HOST};
    listen [::]:80;
    listen 80;

    # Certbot configuration
    location ^~ /.well-known/acme-challenge/ {
        root /etc/letsencrypt/www;
        default_type "text/plain";
    }

    location / {
        try_files $uri $uri/;
    }

    location ~ ^/admin/(.*) {
        proxy_pass http://taxi-admin-panel/$1;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    location ~ ^/admin-api/(.*) {
        proxy_pass http://taxi-admin-api/$1;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Connection 'Upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    location ~ ^/rider-api/(.*) {
        proxy_pass http://taxi-rider-api/$1;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Connection 'Upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    location ~ ^/driver-api/(.*) {
        proxy_pass http://taxi-driver-api/$1;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Connection 'Upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    location ~ ^/payment/(.*) {
        proxy_pass http://payment-gateways/$1;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    location ~ ^/app/(.*) {
        proxy_pass http://taxi-rider-web-app/$1;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}