# /etc/docker_registry/nginx.conf

server {
    listen 8080;
    server_name ${custom docker register domain};

    client_max_body_size 0;
    chunked_transfer_encoding on;

    # --- Location for Docker Registry API (v2) ---
    location /v2/ {
        # Enable Basic Authentication
        auth_basic "Docker Registry";
        auth_basic_user_file /auth/registry.passwd;

        # --- CORS Configuration ---
        # Allow API requests originating from your UI domain.
        set $cors_origin "http://${custom docker register domain}"; # Adjust http/https if needed
        if ($http_origin ~* ^https?://docker\.wwhy\.games$) {
             set $cors_origin $http_origin;
        }
        add_header 'Access-Control-Allow-Origin' "$cors_origin" always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
        add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Accept, X-Requested-With' always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Expose-Headers' 'Docker-Content-Digest' always;

        # Handle OPTIONS preflight requests for CORS
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' "$cors_origin" always;
            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
            add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Accept, X-Requested-With' always;
            add_header 'Access-Control-Allow-Credentials' 'true' always;
            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Content-Type' 'text/plain charset=UTF-8';
            add_header 'Content-Length' 0;
            return 204;
        }

        # Proxy requests to the actual Docker Registry backend service
        proxy_pass                          http://docker-registry-backend:5000;
        proxy_set_header  Host              $http_host;
        proxy_set_header  X-Real-IP         $remote_addr;
        proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto $http_x_forwarded_proto;
        proxy_read_timeout                  900;
    }

    # --- Dedicated Health Check Location --- (For ALB)
    location = /healthz { # Use '= /healthz' for exact match
        access_log off;
        return 200 "OK";
        add_header Content-Type text/plain;
    }

    # --- Location for Docker Registry UI (Served from Root) ---
    # This now handles requests for '/' and anything not matching /v2/ or /healthz
    location / {
        # No authentication needed to access the UI itself
        proxy_pass http://registry-ui:80; # Proxy to the UI container's root

        # Standard proxy headers
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
    }
}