# Basic nginx config for tkr
# Replace "your-domain.com" with your actual domain
# Replace "/var/www/tkr" with your installation path

# HTTP - redirect to HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name your-domain.com;
    return 301 https://$host$request_uri;
}

# HTTPS
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    
    server_name your-domain.com;
    root /var/www/tkr/public;
    index index.php;
    
    # SSL Configuration (using Let's Encrypt)
    ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;
    
    # Block access to sensitive directories
    location ~ ^/(storage|src|templates|config) {
        deny all;
        return 404;
    }
    
    # Block access to hidden files
    location ~ /\. {
        deny all;
    }
    
    # Front controller pattern - route everything through index.php
    location / {
        try_files $uri $uri/ @tkr;
    }
    
    # Handle PHP requests
    location @tkr {
        fastcgi_pass unix:/run/php/php8.2-fpm.sock;  # Adjust PHP version as needed
        fastcgi_param SCRIPT_FILENAME /var/www/tkr/public/index.php;
        include fastcgi_params;
        fastcgi_param REQUEST_METHOD $request_method;
        fastcgi_param REQUEST_URI $request_uri;
        fastcgi_param QUERY_STRING $query_string;
    }
}