##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#


server {

	# SSL configuration
	#
	# listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
	#
	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;

	root /var/www/html;

	# Add index.php to the list if you are using PHP
	index index.html index.htm index.nginx-debian.html;

	server_name iset.portalpaciente.com.ar;

	location /orthanc/ {
		proxy_pass http://127.0.0.1:8042/orthanc/ui/app/#/;
		proxy_set_header HOST $host;
		proxy_set_header X-Real-IP $remote_addr;
		rewrite /orthanc(.*) $1 break;

		add_header 'Access-Control-Allow-Credentials' 'true';
	        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
	        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
	        add_header 'Access-Control-Allow-Origin' '*';

		proxy_set_header Authorization "Basic cHVibGljOmhlbGxv";

		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		#try_files $uri $uri/ =404;
	}


	location /api/find {
          proxy_pass http://localhost:3001/api/find;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;

          proxy_connect_timeout 60;
          proxy_send_timeout 60;
          proxy_read_timeout 60;

        }

	# API para descarga de estudios
	location /api/studies {
          proxy_pass http://localhost:3001/api/studies;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;

          proxy_connect_timeout 60;
          proxy_send_timeout 300;  # Timeout más largo para descargas
          proxy_read_timeout 300;  # Timeout más largo para descargas
          
          # Headers importantes para descargas
          proxy_buffering off;
          proxy_request_buffering off;
        }
        
        # Capturar rutas más específicas de /api/studies (debe ir después de la ruta base)
        location ~ ^/api/studies/.+$ {
          proxy_pass http://localhost:3001;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;

          proxy_connect_timeout 60;
          proxy_send_timeout 300;
          proxy_read_timeout 300;
          
          proxy_buffering off;
          proxy_request_buffering off;
        }

	# Proxy para VolView (visualización 3D)
	location /volview {
          proxy_pass http://127.0.0.1:8042/volview;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          
          # Headers importantes para aplicaciones web
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
          
          # Timeouts más largos para aplicaciones interactivas
          proxy_connect_timeout 60;
          proxy_send_timeout 300;
          proxy_read_timeout 300;
          
          # Desactivar buffering para mejor rendimiento
          proxy_buffering off;
          proxy_request_buffering off;
          
          # Headers CORS si son necesarios
          add_header 'Access-Control-Allow-Origin' '*' always;
          add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
          add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
	}

	# Proxy para estudios de Orthanc (necesario para que volview cargue los archivos)
	# VolView necesita acceder a /studies/{studyID}/archive desde /volview
	location /studies {
          proxy_pass http://127.0.0.1:8042/studies;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          
          # Autenticación básica para Orthanc
          proxy_set_header Authorization "Basic cHVibGljOmhlbGxv";
          
          # Timeouts más largos para descargas de archivos grandes
          proxy_connect_timeout 60;
          proxy_send_timeout 300;
          proxy_read_timeout 300;
          
          # Desactivar buffering para archivos binarios
          proxy_buffering off;
          proxy_request_buffering off;
          
          # Headers CORS
          add_header 'Access-Control-Allow-Origin' '*' always;
          add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
          add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
	}

	# Proxy para el visor de estudios (puerto 3000)
	location /viewer {
          proxy_pass http://127.0.0.1:3000/viewer;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          
          # Headers importantes para aplicaciones web
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
          
          # Timeouts más largos para aplicaciones interactivas
          proxy_connect_timeout 60;
          proxy_send_timeout 300;
          proxy_read_timeout 300;
          
          # Desactivar buffering para mejor rendimiento
          proxy_buffering off;
          proxy_request_buffering off;
          
          # Headers CORS
          add_header 'Access-Control-Allow-Origin' '*' always;
          add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
          add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
	}

	location /isetarc {
          proxy_pass http://localhost:7080/dcm4chee-arc/aets/AS_RECEIVED/rs/studies;
          proxy_set_header HOST $host;
          proxy_set_header X-Real_IP $remote_addr;
	
	}

	location /pacientes {
          proxy_pass http://localhost:8080/viewdownload3;
          #proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
        }



	# pass PHP scripts to FastCGI server
	#
	location ~ \.php$ {
		include snippets/fastcgi-php.conf;
	#
	#	# With php-fpm (or other unix sockets):
		fastcgi_pass unix:/run/php/php7.2-fpm.sock;
	#	# With php-cgi (or other tcp sockets):
	#	fastcgi_pass 127.0.0.1:9000;
	#}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	#location ~ /\.ht {
	#	deny all;
	}

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/iset.portalpaciente.com.ar/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/iset.portalpaciente.com.ar/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#	listen 80;
#	listen [::]:80;
#
#	server_name example.com;
#
#	root /var/www/example.com;
#	index index.html;
#
#	location / {
#		try_files $uri $uri/ =404;
#	}
#}

server {
    if ($host = iset.portalpaciente.com.ar) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


	listen 80 default_server;
	listen [::]:80 default_server;

	server_name iset.portalpaciente.com.ar;
    return 404; # managed by Certbot


}
