#user  nobody;
worker_processes  1;
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
#pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    # Include MIME types
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    # Rate limiting with connection limits for noVNC
    limit_req_zone $binary_remote_addr zone=one:10m rate=30r/m;
    limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;

    # Upstream for miniRT with connection limiting
    upstream minirt_backend {
        server minirt:6080 max_conns=2;  # Limit to 2 concurrent connections
    }

    server {
        listen  80;
        listen [::]:80;

        charset utf-8;
        server_name victorvobis.org www.victorvobis.org;
        root /var/www/html;

        limit_conn conn_limit_per_ip 2;

        location / {
            index index.html index.htm;
        }

        location /minishell/vnc {
            proxy_pass http://minishell:8006/;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location /minirt/password {
            add_header Content-Type application/json;
            try_files /json/password.json =404;
        }

        location /minirt/vnc {
            index vnc.html;
            try_files $uri $uri/ /vnc.html;

            # Ensure proper MIME types for JavaScript modules
            location ~* \.js$ {
                add_header Content-Type "application/javascript" always;
                expires 1h;
            }
            location ~* \.css$ {
                add_header Content-Type "text/css" always;
                expires 1h;
            }
            location ~* \.(png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
                expires 1d;
                add_header Cache-Control "public, immutable";
            }
        }

        location /vnc {
            alias /opt/noVNC/;
            index vnc.html;
            try_files $uri $uri/ /vnc.html;

            # Ensure proper MIME types for JavaScript modules
            location ~* \.js$ {
                add_header Content-Type "application/javascript" always;
                expires 1h;
            }
            location ~* \.css$ {
                add_header Content-Type "text/css" always;
                expires 1h;
            }
            location ~* \.(png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
                expires 1d;
                add_header Cache-Control "public, immutable";
            }
        }

        # Proxy ONLY WebSocket connections to the minirt container
        location /websockify {
            proxy_pass http://minirt_backend;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_read_timeout 3600s;
            proxy_send_timeout 3600s;
            proxy_connect_timeout 60s;
            proxy_buffering off;
        }

    }
}