# ============================================================
# Nginx Global Configuration — SocialAI Platform
# ============================================================

user  nginx;
worker_processes  auto;
worker_rlimit_nofile 65535;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  4096;
    multi_accept        on;
    use                 epoll;
}

http {
    # ── MIME Types ─────────────────────────────────────────────
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    # ── Logging ────────────────────────────────────────────────
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" '
                      'rt=$request_time uct="$upstream_connect_time" '
                      'uht="$upstream_header_time" urt="$upstream_response_time"';

    access_log  /var/log/nginx/access.log  main;

    # ── Performance ────────────────────────────────────────────
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    keepalive_requests  100;
    types_hash_max_size 2048;
    server_tokens       off;

    # ── Buffers ────────────────────────────────────────────────
    client_body_buffer_size     128k;
    client_max_body_size        110m;
    client_header_buffer_size   1k;
    large_client_header_buffers 4 4k;
    output_buffers              1 32k;
    postpone_output             1460;

    # ── Timeouts ───────────────────────────────────────────────
    client_body_timeout   12;
    client_header_timeout 12;
    send_timeout          10;

    # ── Compression ────────────────────────────────────────────
    gzip                on;
    gzip_vary           on;
    gzip_proxied        any;
    gzip_comp_level     6;
    gzip_buffers        16 8k;
    gzip_http_version   1.1;
    gzip_min_length     256;
    gzip_types
        application/atom+xml
        application/geo+json
        application/javascript
        application/x-javascript
        application/json
        application/ld+json
        application/manifest+json
        application/rdf+xml
        application/rss+xml
        application/vnd.ms-fontobject
        application/wasm
        application/x-font-ttf
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/eot
        font/otf
        font/ttf
        image/bmp
        image/svg+xml
        image/x-icon
        text/cache-manifest
        text/calendar
        text/css
        text/javascript
        text/markdown
        text/plain
        text/xml
        text/x-component
        text/x-cross-domain-policy;

    # ── Rate Limiting ──────────────────────────────────────────
    limit_req_zone  $binary_remote_addr zone=api:10m     rate=60r/m;
    limit_req_zone  $binary_remote_addr zone=auth:10m    rate=10r/m;
    limit_req_zone  $binary_remote_addr zone=uploads:10m rate=20r/m;
    limit_conn_zone $binary_remote_addr zone=conn:10m;

    # ── Proxy Cache ────────────────────────────────────────────
    proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=STATIC:10m
                     inactive=7d  use_temp_path=off;

    # ── Upstream definitions ───────────────────────────────────
    upstream backend_php {
        server backend:9000;
        keepalive 32;
    }

    upstream frontend_next {
        server frontend:3000;
        keepalive 32;
    }

    # ── Include vhost configs ──────────────────────────────────
    include /etc/nginx/conf.d/*.conf;
}