events {
    worker_connections 256;
}

http {
    server {
        listen 8443 ssl;
        server_name play.consultoria-as.com;

        ssl_certificate /etc/letsencrypt/live/play.consultoria-as.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/play.consultoria-as.com/privkey.pem;
        ssl_protocols TLSv1.2 TLSv1.3;

        # Geth JSON-RPC proxy
        location / {
            proxy_pass http://geth:8545;
            proxy_http_version 1.1;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Content-Type application/json;

            # CORS for MetaMask
            add_header Access-Control-Allow-Origin * always;
            add_header Access-Control-Allow-Methods "POST, GET, OPTIONS" always;
            add_header Access-Control-Allow-Headers "Content-Type" always;

            if ($request_method = OPTIONS) {
                return 204;
            }
        }
    }
}