# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# configuration of fw.op.fo / frode klevstul / oct 2025
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# sc.op.fo ➔ fw.op.fo
server {
    listen 80;
    server_name sc.op.fo;
    return 301 https://fw.op.fo$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;

    ssl_certificate /etc/nginx/acme.sh/op.fo/fullchain.pem;
    ssl_certificate_key /etc/nginx/acme.sh/op.fo/key.pem;
    ssl_trusted_certificate /etc/nginx/acme.sh/op.fo/cert.pem;

    server_name sc.op.fo;
    return 301 https://fw.op.fo$request_uri;
}

# http to https
server {
    listen 80;
    server_name fw.op.fo;
    return 301 https://$host$request_uri;
}

# upstream configuration for postgrest (used as reversed proxy)
upstream postgrest {
    server localhost:3000;
}

# https
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;

    ssl_certificate /etc/nginx/acme.sh/op.fo/fullchain.pem;
    ssl_certificate_key /etc/nginx/acme.sh/op.fo/key.pem;
    ssl_trusted_certificate /etc/nginx/acme.sh/op.fo/cert.pem;

    add_header Strict-Transport-Security "max-age=63072000" always;

    root /var/www/fw.op.fo;
    index index.html;
    server_name fw.op.fo;

    location @myownredirect {
        return 302 /;
    }

    # postgrest reverse proxy
    location / {
        error_page 404 = @myownredirect;
    }

    # /dbg/shortcode | debug mode
    location ~ ^/dbg/(\w+) {
        default_type  application/json;
        proxy_hide_header Content-Location;
        add_header Content-Location  /rpc/$upstream_http_content_location;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_pass http://postgrest/rpc/fwd?p_shortcode=$1&p_dbg=true;
    }

    # /shortcode | normal mode
    location ~ ^/([A-Za-z0-9]+) {
        # https://stackoverflow.com/questions/53353572/proxy-pass-cannot-have-uri-part-in-location-given-by-regular-expression
        rewrite ^/([A-Za-z0-9]+) /rpc/fwd break;
        default_type  application/json;
        proxy_hide_header Content-Location;
        add_header Content-Location  /rpc/$upstream_http_content_location;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_method POST; # note, that if writing 'post' (lowercase) instead of 'POST' (uppercase), that will lead to the postgrest error "cannot use the post method on rpc"
#        set $query_string $args;
#        proxy_set_body $query_string;

#https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_body

proxy_set_body $request_body&p_dbg=true;


        proxy_pass http://postgrest;
    }

    # normal mode: /shortcode
#    location ~ ^/\w+ {
#        #rewrite ^/your_endpoint(.*)$ /your_backend_endpoint?args=$args break;
#        #rewrite ^ /your_backend_endpoint?args=$args break;
#        default_type  application/json;
#        proxy_hide_header Content-Location;
#        add_header Content-Location  /rpc/$upstream_http_content_location;
#        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#        proxy_http_version 1.1;
#        proxy_method post;
##        proxy_pass http://postgrest/rpc/fwd?args=$args;
##        proxy_pass http://postgrest/rpc/fwd;
#        proxy_pass http://postgrest;
#        proxy_set_body $args;
#    }

}