# hamkadr.ir reverse-proxy vhost for the EXISTING nginx on the server.
# Install:
#   sudo cp deploy/nginx-hamkadr.ir.conf /etc/nginx/sites-available/hamkadr.ir
#   sudo ln -s /etc/nginx/sites-available/hamkadr.ir /etc/nginx/sites-enabled/
#   sudo nginx -t && sudo systemctl reload nginx
#   sudo certbot --nginx -d hamkadr.ir -d www.hamkadr.ir   # adds the :443 server + HTTP→HTTPS redirect
#
# The port below MUST match HOST_PORT in the Gitea ENV_FILE secret (default 8090).

server {
    listen 80;
    listen [::]:80;
    server_name hamkadr.ir www.hamkadr.ir;

    # The app binds 127.0.0.1:8090 (docker-compose.yml, service "api") — never exposed publicly.
    location / {
        proxy_pass http://127.0.0.1:8090;
        proxy_http_version 1.1;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;   # app's ForwardedHeaders reads this → knows it's HTTPS
        proxy_read_timeout 60s;
    }
}