events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Основной сервер для легитимных доменов
    server {
        listen 80;
        server_name hb3-accelerator.com www.hb3-accelerator.com localhost;

        # API прокси (точное совпадение для /api/)
        location /api/ {
            proxy_pass http://dapp-backend:8000;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;
            
            # Передача cookies и сессии
            proxy_pass_request_headers on;
            proxy_pass_request_body on;
            proxy_set_header Cookie $http_cookie;
            proxy_set_header Authorization $http_authorization;
        }

        # Проксирование к development серверу frontend
        location / {
            proxy_pass http://dapp-frontend:5173;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;
        }
    }

    # Сервер по умолчанию для блокировки подозрительных доменов
    server {
        listen 80 default_server;
        server_name _;
        
        # Возвращаем 444 (Connection Closed Without Response)
        return 444;
        
        # Логируем попытки доступа к подозрительным доменам
        access_log /var/log/nginx/suspicious_domains.log;
    }
}