# Apache SSL VirtualHost für NinjaCross
# Datei: /etc/apache2/sites-available/ninjaserver-ssl.conf

<VirtualHost *:443>
    ServerName ninja.reptilfpv.de
    DocumentRoot /var/www/html
    
    # SSL Configuration
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/ninja.reptilfpv.de/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/ninja.reptilfpv.de/privkey.pem
    
    # Security Headers für Kamera-Zugriff
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
    Header always set X-Content-Type-Options nosniff
    Header always set X-Frame-Options DENY
    Header always set Referrer-Policy strict-origin-when-cross-origin
    
    # Wichtig für Kamera-Zugriff
    Header always set Permissions-Policy "camera=self, microphone=()"
    
    # WebSocket Support - MUSS vor dem generellen Proxy stehen
    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule ^/?(.*) "ws://localhost:3000/$1" [P,L]
    
    # Socket.IO spezifische WebSocket-Routen
    ProxyPass /socket.io/ ws://localhost:3000/socket.io/
    ProxyPassReverse /socket.io/ ws://localhost:3000/socket.io/
    
    # Standard HTTP/HTTPS Reverse Proxy zu Node.js
    ProxyPreserveHost On
    ProxyPass /socket.io/ !
    ProxyPass / http://localhost:3000/
    ProxyPassReverse / http://localhost:3000/
    
    # WebSocket Proxy-Einstellungen
    ProxyTimeout 3600
    ProxyBadHeader Ignore
    
    # Logging
    ErrorLog ${APACHE_LOG_DIR}/ninjaserver_ssl_error.log
    CustomLog ${APACHE_LOG_DIR}/ninjaserver_ssl_access.log combined
</VirtualHost>

# HTTP zu HTTPS Redirect
<VirtualHost *:80>
    ServerName ninja.reptilfpv.de
    Redirect permanent / https://ninja.reptilfpv.de/
</VirtualHost>