server {
    listen 80;
    server_name _;

    root /usr/share/nginx/html;
    index index.html;

    # Proxy API requests to the FastAPI container via Docker bridge network.
    location /api/ {
        proxy_pass http://api:8512;
        proxy_set_header Host $http_host;
        # Prefer X-Real-IP set by Caddy (real client address); fall back to $remote_addr
        # when accessed directly on LAN without Caddy in the path.
        proxy_set_header X-Real-IP $http_x_real_ip;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
        # Forward the session header injected by Caddy from cf_session cookie.
        proxy_set_header X-CF-Session $http_x_cf_session;
        # Allow image uploads (barcode/receipt photos from phone cameras).
        client_max_body_size 20m;
    }

    # Direct-port LAN access (localhost:8515): when VITE_API_BASE='/kiwi', the frontend
    # builds API calls as /kiwi/api/v1/... — proxy these to the API container.
    # Through Caddy the /kiwi prefix is stripped before reaching nginx, so this block
    # is only active for direct-port access without Caddy in the path.
    # Longer prefix (/kiwi/api/ = 10 chars) beats ^~/kiwi/ (6 chars) per nginx rules.
    location /kiwi/api/ {
        rewrite ^/kiwi(/api/.*)$ $1 break;
        proxy_pass http://api:8512;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $http_x_real_ip;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
        proxy_set_header X-CF-Session $http_x_cf_session;
        client_max_body_size 20m;
    }

    # When accessed directly (localhost:8515) instead of via Caddy (/kiwi path-strip),
    # Vite's /kiwi base URL means assets are requested at /kiwi/assets/... but stored
    # at /assets/... in nginx's root. Alias /kiwi/ → root so direct port access works.
    # ^~ prevents regex locations from overriding this prefix match for /kiwi/ paths.
    location ^~ /kiwi/ {
        alias /usr/share/nginx/html/;
        try_files $uri $uri/ /index.html;
    }

    location = /index.html {
        add_header Cache-Control "no-cache, no-store, must-revalidate";
        try_files $uri /index.html;
    }

    location / {
        try_files $uri $uri/ /index.html;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff2?)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
    }
}