upstream xtream_backend {
    server localhost:8080;
}

server {
    listen 80;
    server_name _;

    # Limit request sizes to prevent abuse
    client_max_body_size 256M;

    # Single location for all requests
    location / {
        proxy_pass http://xtream_backend;
        proxy_http_version 1.1;
        
        # Preserve original request information
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # Explicitly pass Authorization header
        proxy_set_header Authorization $http_authorization;
        proxy_pass_request_headers on;
        
        # WebSocket support (if needed)
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        
        # Timeouts for long-running requests (streaming)
        proxy_connect_timeout 60s;
        proxy_send_timeout 3600s;
        proxy_read_timeout 3600s;
        
        # Disable buffering for streaming
        proxy_buffering off;
        proxy_request_buffering off;
        
        # Allow range requests for seeking
        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;
    }

    # Static assets with cache control
    location ~ \.(js|css|html|png|svg|jpg|jpeg|gif)$ {
        proxy_pass http://xtream_backend;
        proxy_http_version 1.1;
        
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        
        # Disable caching for assets - force browser to revalidate
        add_header Cache-Control "no-cache, no-store, must-revalidate, max-age=0" always;
        add_header Pragma "no-cache" always;
        add_header Expires "0" always;
    }

    # Health check endpoint
    location /health {
        access_log off;
        return 200 "OK";
        add_header Content-Type "text/plain";
    }
}