# Configuración NGINX para docs.amayo.dev (Frontend Vue)
# Ubicación: /etc/nginx/sites-available/docs.amayo.dev

server {
    listen 80;
    listen [::]:80;
    server_name docs.amayo.dev;

    # Redirigir HTTP a HTTPS
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name docs.amayo.dev;

    # Certificados SSL (generados con certbot)
    ssl_certificate /etc/letsencrypt/live/docs.amayo.dev/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/docs.amayo.dev/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # Ruta de archivos estáticos del build de Vue
    root /var/www/docs.amayo.dev;
    index index.html;

    # Logs
    access_log /var/log/nginx/docs.amayo.dev.access.log;
    error_log /var/log/nginx/docs.amayo.dev.error.log;

    # Gzip compression
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml+rss application/json application/javascript;

    # SPA fallback - todas las rutas van a index.html
    location / {
        try_files $uri $uri/ /index.html;
    }

    # Cache para assets estáticos
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
    }

    # Security headers - Allow top.gg to embed this page
    add_header X-Frame-Options "ALLOW-FROM https://top.gg" always;
    add_header Content-Security-Policy "frame-ancestors 'self' https://top.gg https://*.top.gg" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
}