events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    resolver 127.0.0.11 valid=30s;  # Docker DNS resolver

    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    server {
        listen 80;

        # Block direct access to paths without computer name
        location ~ ^/(docs|api|openapi.json|redoc)$ {
            return 404;
        }

        # Root path for computer-name
        location ~ ^/([^/]+)/?$ {
            proxy_pass http://$1:8000/;
            
            # Add headers to preserve original request information
            proxy_set_header X-Original-URI $request_uri;
            proxy_set_header X-Original-Request $request_uri;
            proxy_set_header Original-Request-URI $request_uri;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Referer $http_referer;
            
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }

        # API endpoints
        location ~ ^/([^/]+)/api(/.*)?$ {
            proxy_pass http://$1:8000/api$2$is_args$args;
            
            # Add headers to preserve original request information
            proxy_set_header X-Forwarded-Prefix /$1;
            proxy_set_header X-Original-URI $request_uri;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Referer $http_referer;
            
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
            
            # Increase timeout
            proxy_read_timeout 60s;
        }

        # API docs endpoints
        location ~ ^/([^/]+)/(docs|openapi.json|redoc)$ {
            proxy_pass http://$1:8000/$2;
            
            # Add headers to preserve original request information
            proxy_set_header X-Original-URI $request_uri;
            proxy_set_header X-Original-Request $request_uri;
            proxy_set_header Original-Request-URI $request_uri;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Referer $http_referer;
            
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;

            # Rewrite paths in docs HTML
            sub_filter "url: '/openapi.json'," "url: 'openapi.json',";
            sub_filter_once on;
            sub_filter_types text/html;
        }

        # API docs static files
        location ~ ^/([^/]+)/docs/(.+\.(js|css|png))$ {
            proxy_pass http://$1:8000/docs/$2$is_args$args;
            proxy_http_version 1.1;
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }

        # noVNC app assets (including root)
        location ~ ^/([^/]+)/app(/.*)?$ {
            proxy_pass http://$1:6080/app$2$is_args$args;
            proxy_http_version 1.1;
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }

        # noVNC vendor assets (including root)
        location ~ ^/([^/]+)/vendor(/.*)?$ {
            proxy_pass http://$1:6080/vendor$2$is_args$args;
            proxy_http_version 1.1;
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }

        # noVNC core assets (including root)
        location ~ ^/([^/]+)/core(/.*)?$ {
            proxy_pass http://$1:6080/core$2$is_args$args;
            proxy_http_version 1.1;
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }

        # noVNC package.json and other root files
        location ~ ^/([^/]+)/([^/]+\.(json|ico|txt))$ {
            proxy_pass http://$1:6080/$2;
            proxy_http_version 1.1;
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }

        # noVNC main endpoint
        location ~ ^/([^/]+)/novnc/?$ {
            proxy_pass http://$1:6080/vnc.html;
            proxy_http_version 1.1;
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;

            # Rewrite WebSocket settings in the HTML
            sub_filter 'id="noVNC_setting_path" type="text" value="websockify"' 'id="noVNC_setting_path" type="text" value="$1/websockify"';
            sub_filter 'id="noVNC_setting_host"' 'id="noVNC_setting_host" disabled';
            sub_filter 'id="noVNC_setting_port" type="number"' 'id="noVNC_setting_port" type="number" disabled';
            # Set scaling mode to 'remote' by default
            sub_filter 'id="noVNC_setting_resize" value="off"' 'id="noVNC_setting_resize" value="local"';
            # Override WebSocket URL construction
            sub_filter '</head>' '<script>
                // Override WebSocket to force the correct path
                const OrigWebSocket = WebSocket;
                WebSocket = function(url, protocols) {
                    const pathParts = window.location.pathname.split("/");
                    const computerId = pathParts[1];
                    if (url.includes("/websockify")) {
                        url = window.location.origin + "/" + computerId + "/websockify";
                    }
                    return new OrigWebSocket(url, protocols);
                };
                WebSocket.prototype = OrigWebSocket.prototype;
                WebSocket.CONNECTING = OrigWebSocket.CONNECTING;
                WebSocket.OPEN = OrigWebSocket.OPEN;
                WebSocket.CLOSING = OrigWebSocket.CLOSING;
                WebSocket.CLOSED = OrigWebSocket.CLOSED;
            </script></head>';
            sub_filter_once off;
            sub_filter_types text/html;
        }

        # noVNC WebSocket endpoint
        location ~ ^/([^/]+)/websockify$ {
            proxy_pass http://$1:6080/websockify;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_cache_bypass $http_upgrade;
            proxy_read_timeout 61s;
            proxy_buffering off;
        }

        # VNC endpoint
        location ~ ^/([^/]+)/vnc/?(.*)$ {
            proxy_pass http://$1:5900/$2;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }

    }
}