server {
    listen 443 ssl;
    server_name fabnum-blog.peccini.fr;

    root /var/www/FabNum_blog/public;
    index index.html;

	location ^~ /isso/ {
	    proxy_pass http://127.0.0.1:8181/;
	    proxy_set_header Host $host;
	    proxy_set_header X-Forwarded-For $remote_addr;
	}

    # GZIP compression
    gzip on;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;
    gzip_min_length 1024;
    gzip_vary on;

    # Caching for static files
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|woff|woff2|ttf|svg|eot|mp4|webp)$ {
        expires 30d;
        add_header Cache-Control "public";
    }

    # No cache for HTML and feeds
    location ~* \.(html|xml|json|rss)$ {
        expires -1;
        add_header Cache-Control "no-cache, no-store, must-revalidate";
        add_header Pragma "no-cache";
    }

    # Main site
    location / {
        try_files $uri $uri/ =404;
    }

    # SSL settings
    ssl_certificate /etc/letsencrypt/live/fabnum-blog.peccini.fr/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/fabnum-blog.peccini.fr/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    }

# Redirect www → non-www (HTTPS)
server {
    listen 443 ssl;
    server_name www.fabnum-blog.peccini.fr;

    return 301 https://fabnum-blog.peccini.fr$request_uri;

    ssl_certificate /etc/letsencrypt/live/fabnum-blog.peccini.fr/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/fabnum-blog.peccini.fr/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

# Redirect all HTTP → HTTPS (both www and non-www)
server {
    listen 80;
    server_name fabnum-blog.peccini.fr www.fabnum-blog.peccini.fr;

    return 301 https://fabnum-blog.peccini.fr$request_uri;
}