# Main app - st.vish.gg
server {
    listen 80;
    server_name st.vish.gg;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name st.vish.gg;

    ssl_certificate /etc/nginx/ssl/st.vish.gg.crt;
    ssl_certificate_key /etc/nginx/ssl/st.vish.gg.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;

    location / {
        # This would proxy to the frontend app when it's set up
        # For now, return a placeholder
        return 200 "Stoatchat Frontend - Coming Soon";
        add_header Content-Type text/plain;
    }
}

# API - api.st.vish.gg
server {
    listen 80;
    server_name api.st.vish.gg;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name api.st.vish.gg;

    ssl_certificate /etc/letsencrypt/live/api.st.vish.gg/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/api.st.vish.gg/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://127.0.0.1:14702;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
    }
}

# Events WebSocket - events.st.vish.gg
server {
    listen 80;
    server_name events.st.vish.gg;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name events.st.vish.gg;

    ssl_certificate /etc/letsencrypt/live/events.st.vish.gg/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/events.st.vish.gg/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://127.0.0.1:14703;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
}

# Files - files.st.vish.gg
server {
    listen 80;
    server_name files.st.vish.gg;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name files.st.vish.gg;

    ssl_certificate /etc/letsencrypt/live/files.st.vish.gg/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/files.st.vish.gg/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;

    client_max_body_size 100M;

    location / {
        proxy_pass http://127.0.0.1:14704;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Proxy - proxy.st.vish.gg
server {
    listen 80;
    server_name proxy.st.vish.gg;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name proxy.st.vish.gg;

    ssl_certificate /etc/letsencrypt/live/proxy.st.vish.gg/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/proxy.st.vish.gg/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://127.0.0.1:14705;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Voice/LiveKit - voice.st.vish.gg
server {
    listen 80;
    server_name voice.st.vish.gg;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name voice.st.vish.gg;

    ssl_certificate /etc/letsencrypt/live/voice.st.vish.gg/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/voice.st.vish.gg/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://127.0.0.1:7880;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
}