# NGINX configuration for assets.daarion.space
# Proxies requests to MinIO S3-compatible storage

server {
    server_name assets.daarion.space;

    # MinIO S3 API proxy
    location / {
        proxy_pass http://127.0.0.1:9000;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # Allow large file uploads
        client_max_body_size 100M;
        
        # CORS headers for public assets
        add_header Access-Control-Allow-Origin * always;
        add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS" always;
        add_header Access-Control-Allow-Headers "Range, Content-Type" always;
        
        # Cache static assets
        proxy_cache_valid 200 302 1d;
        proxy_cache_valid 404 1h;
        add_header Cache-Control "public, max-age=86400" always;
    }

    # Health check endpoint
    location /minio/health/live {
        proxy_pass http://127.0.0.1:9000/minio/health/live;
        access_log off;
    }

    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/assets.daarion.space/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/assets.daarion.space/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

server {
    if ($host = assets.daarion.space) {
        return 301 https://$host$request_uri;
    }

    listen 80;
    server_name assets.daarion.space;
    return 404;
}