# Staging environment configuration
upstream cmc_php_staging {
    server cmc-php-staging:80;
}

upstream cmc_go_staging {
    server cmc-go-staging:8080;
}

server {
    server_name staging.cmc.springupsoftware.com;
    
    # Basic auth for staging
    auth_basic_user_file /etc/nginx/userpasswd;
    auth_basic "CMC Sales Staging - Restricted Access";
    
    # Security headers
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Referrer-Policy "strict-origin-when-cross-origin";
    
    # Staging banner
    add_header X-Environment "STAGING";
    
    # CakePHP legacy app routes
    location / {
        proxy_pass http://cmc_php_staging;
        proxy_read_timeout 300s;
        proxy_connect_timeout 10s;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Environment "staging";
    }
    
    # Go API routes
    location /api/ {
        proxy_pass http://cmc_go_staging;
        proxy_read_timeout 300s;
        proxy_connect_timeout 10s;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Environment "staging";
    }
    
    # Go page routes for emails
    location ~ ^/(emails|customers|products|purchase-orders|enquiries|documents) {
        proxy_pass http://cmc_go_staging;
        proxy_read_timeout 300s;
        proxy_connect_timeout 10s;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Environment "staging";
    }
    
    # Static files from Go app
    location /static/ {
        proxy_pass http://cmc_go_staging;
        proxy_cache_valid 200 1h;
        add_header Cache-Control "public, max-age=3600";
    }
    
    # PDF files
    location /pdf/ {
        proxy_pass http://cmc_go_staging;
        proxy_cache_valid 200 1h;
        add_header Cache-Control "public, max-age=3600";
    }
    
    # Health check endpoints
    location /health {
        proxy_pass http://cmc_go_staging/api/v1/health;
        access_log off;
    }
    
    # Error pages
    error_page 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    listen 80;
}