# HTTPS Configuration for quickbookposhelp.access.ly
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    
    server_name quickbookposhelp.access.ly;
    
    # SSL Certificate
    ssl_certificate /etc/letsencrypt/live/quickbookposhelp.access.ly/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/quickbookposhelp.access.ly/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    
    # Document root
    root /home/pts/Documents/QBPOS_Help_Web/QB_Help_Web;
    index POS_Help.html;
    
    # Access and error logs
    access_log /var/log/nginx/qbpos-access.log combined buffer=32k;
    error_log /var/log/nginx/qbpos-error.log warn;
    
    # Gzip compression
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_types text/plain text/css text/xml text/javascript 
               application/x-javascript application/xml+rss 
               application/javascript application/json;
    
    # Static asset caching (images and icons)
    location ~* \.(gif|jpg|jpeg|png|ico)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        access_log off;
    }
    
    # CSS and JS caching (shorter for updates)
    location ~* \.(css|js)$ {
        expires 1h;
        add_header Cache-Control "public, must-revalidate";
        access_log off;
    }
    
    # HTML files cache
    location ~* \.(html|htm)$ {
        expires 1h;
        add_header Cache-Control "public, must-revalidate";
    }
    
    # Main location - serves index automatically
    location / {
        try_files $uri $uri/ /POS_Help.html;
    }
    
    # Certbot verification
    location /.well-known/acme-challenge/ {
        root /var/www/html;
    }
}

# HTTP to HTTPS redirect
server {
    listen 80;
    listen [::]:80;
    
    server_name quickbookposhelp.access.ly;
    
    return 301 https://$host$request_uri;
}