server {
    server_name openwebui.waterruupto.duckdns.org;
    
    client_max_body_size 20M;
    
    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/openwebui.waterruupto.duckdns.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/openwebui.waterruupto.duckdns.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

server {
    server_name cronicle.waterruupto.duckdns.org;
    
    client_max_body_size 20M;
    
    location / {
        proxy_pass http://127.0.0.1:3012;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/cronicle.waterruupto.duckdns.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/cronicle.waterruupto.duckdns.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

}

server {
    server_name waterruupto.duckdns.org;
    
    root /home/garg/music-website/output;

    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }

    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/waterruupto.duckdns.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/waterruupto.duckdns.org/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

server {  # Add this line to enable HTTP
    server_name transcripts.waterruupto.duckdns.org;
    
    # Document root is the web folder where static files are generated
    root /home/garg/annotate-voice/web;
    
    # Index file
    index index.html;
    
    # Default location block
    location / {
        try_files $uri $uri/ =404;
        
        # Basic authentication
        auth_basic "Restricted Area";
        auth_basic_user_file /etc/nginx/auth/.htpasswd;

        # Basic cache settings for static assets
        expires 7d;
        add_header Cache-Control "public, max-age=604800";
    }
    
    # Enable gzip compression
    gzip on;
    gzip_vary on;
    gzip_min_length 1000;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;   

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/transcripts.waterruupto.duckdns.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/transcripts.waterruupto.duckdns.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    server_name fs.waterruupto.duckdns.org;
    
    client_max_body_size 10G;
    
    location / {
        proxy_pass http://127.0.0.1:3923;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/fs.waterruupto.duckdns.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/fs.waterruupto.duckdns.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = movies.waterruupto.duckdns.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    server_name movies.waterruupto.duckdns.org;
    listen 80;
    return 404; # managed by Certbot


}

server {
    if ($host = fs.waterruupto.duckdns.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    server_name fs.waterruupto.duckdns.org;

    listen 80;
    return 404; # managed by Certbot


}


# Services Dashboard - Add this to your existing nginx configuration
server {
    listen 80;
    server_name localhost 192.168.1.159;
    
    root /home/garg/remote-server/services-dashboard;
    index index.html;
    
    location / {
        try_files $uri $uri/ =404;
    }
    
    # Optional: Add some security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    
    # Cache static assets
    location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ {
        expires 7d;
        add_header Cache-Control "public, immutable";
    }
}