user appuser; # Run Nginx worker processes as appuser
worker_processes auto;
daemon off; # Run in the foreground, managed by Docker/start.sh

# Ensure appuser can write to pid path if it's in a restricted location.
# Default for alpine nginx is /run/nginx/nginx.pid, which should be fine.
# If issues, uncomment and adjust:
# pid /tmp/nginx.pid;

error_log /var/log/nginx/error.log warn; # Ensure appuser can write here or adjust

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    sendfile on;
    keepalive_timeout 65;
    # gzip on; # Consider enabling gzip for better performance

    server {
        listen 80 default_server;
        server_name _;

        root /usr/share/nginx/html;
        index index.html;

        location / {
            try_files $uri $uri/ /index.html;
        }

        location /api/ {
            proxy_pass http://localhost:3000/api/; # Node API listens on 3000
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}