# Beispiel Apache-Konfiguration für tt-tagebuch.de
# Diese Datei sollte in /etc/apache2/sites-available/tt-tagebuch.de.conf eingefügt werden
# 
# WICHTIG: Folgende Module müssen aktiviert sein:
# sudo a2enmod proxy
# sudo a2enmod proxy_http
# sudo a2enmod proxy_wstunnel
# sudo a2enmod rewrite
# sudo a2enmod ssl
# sudo a2enmod headers
# sudo systemctl restart apache2

<VirtualHost *:80>
    ServerName tt-tagebuch.de
    ServerAlias www.tt-tagebuch.de
    
    # Redirect HTTP zu HTTPS
    Redirect permanent / https://tt-tagebuch.de/
</VirtualHost>

<VirtualHost *:443>
    ServerName tt-tagebuch.de
    ServerAlias www.tt-tagebuch.de

    # SSL-Konfiguration (anpassen je nach Zertifikat)
    SSLEngine on
    SSLCertificateFile /path/to/ssl/cert.pem
    SSLCertificateKeyFile /path/to/ssl/key.pem
    # Optional: SSLCertificateChainFile /path/to/ssl/chain.pem

    # SSL-Einstellungen
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLHonorCipherOrder on

    # Logging
    ErrorLog ${APACHE_LOG_DIR}/tt-tagebuch.de-error.log
    CustomLog ${APACHE_LOG_DIR}/tt-tagebuch.de-access.log combined

    # Max Upload Size
    LimitRequestBody 52428800

    # WebSocket-Proxy für Socket.IO
    # WICHTIG: Diese Location muss VOR der allgemeinen /api Location stehen
    <LocationMatch "^/socket\.io/">
        ProxyPass ws://localhost:3005/socket.io/
        ProxyPassReverse ws://localhost:3005/socket.io/
        
        # WebSocket-Upgrade Headers
        RewriteEngine on
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteCond %{HTTP:Connection} upgrade [NC]
        RewriteRule ^/?(.*) "ws://localhost:3005/$1" [P,L]
        
        # Fallback für HTTP (Polling)
        ProxyPass http://localhost:3005/socket.io/
        ProxyPassReverse http://localhost:3005/socket.io/
        
        # Headers
        ProxyPreserveHost On
        RequestHeader set X-Forwarded-Proto "https"
        RequestHeader set X-Real-IP %{REMOTE_ADDR}s
    </LocationMatch>

    # API-Routen
    <Location /api/>
        ProxyPass http://localhost:3005/api/
        ProxyPassReverse http://localhost:3005/api/
        
        ProxyPreserveHost On
        RequestHeader set X-Forwarded-Proto "https"
        RequestHeader set X-Real-IP %{REMOTE_ADDR}s
    </Location>

    # Statische Frontend-Dateien
    DocumentRoot /var/www/tt-tagebuch.de/frontend/dist
    
    <Directory /var/www/tt-tagebuch.de/frontend/dist>
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
        
        # Fallback auf index.html für Vue Router
        RewriteEngine On
        RewriteBase /
        RewriteRule ^index\.html$ - [L]
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule . /index.html [L]
    </Directory>

    # Cache-Control für statische Assets
    <LocationMatch "\.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$">
        ExpiresActive On
        ExpiresDefault "access plus 1 year"
        Header set Cache-Control "public, immutable"
    </LocationMatch>

    # Security Headers
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-XSS-Protection "1; mode=block"
</VirtualHost>