# =============================================================================
# Configuração do Virtual Host Laravel
# Nginx + PHP-FPM
# =============================================================================

upstream php-fpm {
    server php:9000;
    keepalive 8;
}

server {
    listen 8000;
    listen [::]:8000;
    
    # Em produção, configure o domínio real
    server_name localhost v2.localhost _;
    
    # Document root - pasta public do Laravel
    root /var/www/html/public;
    index index.php index.html;

    # Charset
    charset utf-8;

    # Logs por vhost (opcional, remova se usar log centralizado)
    access_log /var/log/nginx/laravel_access.log;
    error_log /var/log/nginx/laravel_error.log;

    # ==========================================================================
    # Rotas do Laravel
    # ==========================================================================
    
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # Otimização Nível Nginx para o Selo (3.000 RPS)
    location ~ ^/api/v1/selo-operador {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass php-fpm;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $realpath_root/index.php;
        
        # Cache de 10 minutos (Alta Disponibilidade)
        fastcgi_cache SELO_CACHE;
        fastcgi_cache_valid 200 10m;
        fastcgi_cache_use_stale error timeout updating http_500 http_503;
        fastcgi_cache_lock on;
        
        add_header X-Cache-Status $upstream_cache_status;
    }

    # ==========================================================================
    # Entrega Direta de Uploads (Ignora links simbólicos corrompidos no Git)
    # ==========================================================================
    location /storage/ {
        alias /var/www/html/storage/app/public/;
        access_log off;
        log_not_found off;
        expires max;
        add_header Cache-Control "public, no-transform";
    }
    
    # ==========================================================================
    # PHP-FPM
    # ==========================================================================
    
    location ~ \.php$ {
        try_files $uri =404;
        
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass php-fpm;
        fastcgi_index index.php;
        
        # FastCGI params
        include fastcgi_params;
        fastcgi_param HTTP_HOST $http_host;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        
        # Buffers
        fastcgi_buffer_size 128k;
        fastcgi_buffers 4 256k;
        fastcgi_busy_buffers_size 256k;
        
        # Timeouts
        fastcgi_connect_timeout 60s;
        fastcgi_send_timeout 60s;
        fastcgi_read_timeout 60s;
        
        # Esconder headers sensíveis do PHP
        fastcgi_hide_header X-Powered-By;

        # Forçar HTTPS (se aplicável)
        fastcgi_param HTTPS $FORCE_HTTPS;
        fastcgi_param HTTP_X_FORWARDED_PROTO $scheme;
    }

    # ==========================================================================
    # Segurança
    # ==========================================================================
    
    # Bloquear acesso a arquivos sensíveis
    location ~ /\.(?!well-known) {
        deny all;
    }
    
    location ~ /\.env {
        deny all;
    }
    
    location ~ /\.git {
        deny all;
    }
    
    location ~ /composer\.(json|lock)$ {
        deny all;
    }
    
    location ~ /package(-lock)?\.json$ {
        deny all;
    }
    
    location ~ /phpunit\.xml$ {
        deny all;
    }

    # Bloquear acesso direto a arquivos PHP em pastas sensíveis
    location ~* ^/(storage|vendor|bootstrap)/.+\.php$ {
        deny all;
    }

    # ==========================================================================
    # Healthcheck endpoints
    # ==========================================================================
    
    # Endpoint para healthcheck do container
    location /health {
        access_log off;
        return 200 "healthy\n";
        add_header Content-Type text/plain;
    }
    

    # ==========================================================================
    # Robots.txt e Favicon
    # ==========================================================================
    
    location = /favicon.ico {
        access_log off;
        log_not_found off;
    }
    
    location = /robots.txt {
        access_log off;
        log_not_found off;
    }
}