# TempMail Platform - Nginx Configuration

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    root /var/www/temp-mail-php/public;
    index index.php index.html;

    # Security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;

    # Gzip compression
    gzip on;
    gzip_vary on;
    gzip_types text/html text/css application/javascript application/json;

    # Cache static files
    location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
    }

    # Protect sensitive directories
    location ~ ^/(config|classes|database)/ {
        deny all;
        return 403;
    }

    # API endpoints
    location /api/ {
        try_files $uri $uri/ /api/$1;
    }

    # Admin panel
    location /admin/ {
        try_files $uri $uri/ /admin/$1;
    }

    # Cron jobs
    location /cron/ {
        try_files $uri $uri/ /cron/$1;
    }

    # Mailparser
    location /mailparser/ {
        try_files $uri $uri/ /mailparser/$1;
    }

    # PHP processing
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        
        # PHP settings
        fastcgi_param PHP_VALUE "upload_max_filesize=10M \n post_max_size=10M \n max_execution_time=300 \n memory_limit=256M";
    }

    # Frontend routing
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # Deny access to hidden files
    location ~ /\. {
        deny all;
        return 403;
    }

    # Logs
    access_log /var/log/nginx/tempmail-access.log;
    error_log /var/log/nginx/tempmail-error.log;
}

# SSL Configuration (uncomment when SSL is enabled)
# server {
#     listen 443 ssl http2;
#     server_name yourdomain.com www.yourdomain.com;
#     root /var/www/temp-mail-php/public;
#     index index.php index.html;
#
#     ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
#     ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
#     ssl_protocols TLSv1.2 TLSv1.3;
#     ssl_ciphers HIGH:!aNULL:!MD5;
#
#     # Include the same location blocks as above
# }