# ══════════════════════════════════════════════════════════
#  TechField CRM — Nginx config pentru ops.techfield.ro
#  Copiaza in: /etc/nginx/sites-available/ops.techfield.ro
#  Apoi: sudo ln -s /etc/nginx/sites-available/ops.techfield.ro /etc/nginx/sites-enabled/
#  Apoi: sudo nginx -t && sudo systemctl reload nginx
# ══════════════════════════════════════════════════════════

server {
    listen 80;
    server_name ops.techfield.ro;

    # Redirect tot HTTP → HTTPS
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name ops.techfield.ro;

    # ── SSL (ajusteaza caile daca folosesti Let's Encrypt) ──
    ssl_certificate     /etc/letsencrypt/live/ops.techfield.ro/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ops.techfield.ro/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    # ── Proxy catre Node.js (port 3000) ────────────────────
    location / {
        proxy_pass         http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection 'upgrade';
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;

        # IMPORTANT: nu face try_files aici, lasa Node.js sa gestioneze
    }

    # ── Upload size (pentru fisiere cloud) ─────────────────
    client_max_body_size 50M;

    # ── Logs ───────────────────────────────────────────────
    access_log /var/log/nginx/ops.techfield.ro.access.log;
    error_log  /var/log/nginx/ops.techfield.ro.error.log;
}