# slack-notifier 앞단 HTTPS 리버스 프록시 (nginx).
# gitea.palntour.com:9998 (HTTPS) → 127.0.0.1:9999 (Go 앱)
#
# 배치: sudo cp deploy/nginx-slack-notifier.conf /etc/nginx/conf.d/slack-notifier.conf
#       sudo nginx -t && sudo systemctl reload nginx
#
# 사전 준비
#   1) EC2 보안그룹 인바운드: 80(인증서 발급용), 9998(웹훅 수신) 열기
#   2) Let's Encrypt 인증서 발급:  sudo certbot certonly --standalone -d gitea.palntour.com
#   3) (Amazon Linux/SELinux) 아래 두 줄:
#        sudo semanage port -a -t http_port_t -p tcp 9998
#        sudo setsebool -P httpd_can_network_connect 1
#
# 웹훅 등록 주소:
#   https://gitea.palntour.com:9998/webhooks/gitea
#   https://gitea.palntour.com:9998/webhooks/notion

server {
    listen 9998 ssl;
    listen [::]:9998 ssl;
    server_name gitea.palntour.com;

    ssl_certificate     /etc/letsencrypt/live/gitea.palntour.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/gitea.palntour.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # 웹훅 본문이 큰 경우 대비
    client_max_body_size 5m;

    location / {
        proxy_pass         http://127.0.0.1:9999;
        proxy_http_version 1.1;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_read_timeout 30s;
    }
}