# HTTP → HTTPS Redirect + ACME Challenge
server {
    listen 80;
    server_name sanke.s-martika.com;

    # ACME Challenge für Let's Encrypt
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # Alle anderen HTTP-Anfragen auf HTTPS umleiten
    location / {
        return 301 https://$host$request_uri;
    }
}

# Nginx Metrics für Prometheus
server {
    listen 8081;  # interner Port nur für Exporter
    server_name snake.s-martika.com;

    location /status {
        stub_status;
        allow all;
    }
}



# HTTPS Server
server {
    listen 443 ssl http2;
    server_name example.com;

    # Pfad zu den Zertifikaten
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    # Weiterleitung an den App-Container
    location / {
        proxy_pass http://app:80;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
    }
}