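# -----------------------------------------------------------------------------
# EXAMPLE virtual-host config
# Copy to conf.d/, replace "example.com" & "app" with your own values.
#
# Terminates TLS for example.com / *.example.com and reverse-proxies every
# request to the upstream named in $target. Plain HTTP is answered with 404.
# -----------------------------------------------------------------------------
server {
    # Primary and wildcard hostnames.
    # NOTE(review): when no other server block on these sockets is marked
    # default_server, nginx falls back to the first one defined, so requests
    # carrying an unmatched Host can end up here and be proxied upstream.
    # Consider a dedicated catch-all default_server that rejects them.
    server_name example.com *.example.com;

    # Docker-embedded resolver; 127.0.0.11 is the default for user-defined networks.
    # valid=30s overrides the record TTL: answers are cached for 30 seconds.
    resolver 127.0.0.11 valid=30s;

    # Holding the upstream in a variable makes nginx resolve "app" at request
    # time through the resolver above instead of once at startup.
    set $target http://app:80;   # ⇐ upstream container / service name

    location / {
        # Preserve client metadata.
        # $http_host is the Host header exactly as the client sent it; the
        # upstream should validate it before using it to build links or to
        # make trust decisions.
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to any
        # X-Forwarded-For the client already sent, so only the right-most
        # entry is written by this proxy; earlier entries are client-supplied.
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;

        # Scheme / host / port forward for apps that need absolute URLs.
        # "https" and 443 are hard-coded, which is only correct while this
        # location lives in the TLS server block; use $scheme / $server_port
        # if it is ever copied into a plain-HTTP block.
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Host  $host;
        proxy_set_header X-Forwarded-Port  443;

        # No URI part in $target, so the original request URI is passed on.
        proxy_pass $target;
    }

    # --- TLS (managed by Certbot) -------------------------------------------
    # Listen on both address families: "[::]:443" alone binds IPv6 only
    # (nginx defaults to ipv6only=on), leaving IPv4 clients without HTTPS.
    listen 443 ssl;
    listen [::]:443 ssl;

    # The certificate must cover every name in server_name, wildcard included,
    # or clients see a name mismatch. NOTE(review): Let's Encrypt issues
    # wildcard names through DNS-01 only - confirm how this one is obtained.
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    # Private key: keep it readable by the nginx master process only.
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # NOTE(review): contents not shown here; presumably sets protocols and
    # ciphers - verify it disables legacy TLS versions.
    include     /etc/letsencrypt/options.conf;
    ssl_dhparam /etc/letsencrypt/dhparam.pem;
}

# Optional HTTP block — kept minimal so Certbot can attach HTTP-01 later.
# Nothing is proxied over cleartext: every request gets 404.
server {
    server_name example.com *.example.com;

    # Dual-stack, matching the TLS block above.
    listen 80;
    listen [::]:80;

    return 404;
}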