# ==========================================
# GardenPlan – Nginx Konfiguration
# Symfony Reverse Proxy + API Endpoint
# ==========================================

server {
    listen 80;
    server_name _;
    root /var/www/html/public;

    # Performance-Settings
    client_max_body_size 50M;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    # Security Headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;

    # Default – Symfony Backend (REST API)
    location / {
        try_files $uri /index.php$is_args$args;
    }

    # PHP-FPM Verbindung
    location ~ ^/index\.php(/|$) {
        fastcgi_pass php-fpm:9000;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTPS off;

        # PHP-FPM Timeout-Settings
        fastcgi_connect_timeout 600;
        fastcgi_send_timeout 600;
        fastcgi_read_timeout 600;
    }

    # Verzeichnis-Zugriffe blockieren
    location ~ /^.ht {
        deny all;
    }

    # Assets Cache-Control
    location ~* \.(jpg|jpeg|gif|png|webp|svg|css|js|woff2?|ico)$ {
        expires 30d;
        add_header Cache-Control "public, immutable";
    }

    # Error Pages (optional)
    error_page 404 /error.html;
    error_page 500 502 503 504 /error.html;
}