# nginx.conf  --  ha-proxy  (Hetzner, behind Traefik)
# Forwards ha.manohargupta.com -> Home Assistant on the home box over Tailscale.
# Traefik terminates TLS; this listens plain HTTP on :80 inside the network.

worker_processes 1;
events { worker_connections 256; }

http {
    # --- WebSocket upgrade plumbing -------------------------------------
    # HA's frontend uses a persistent WebSocket (/api/websocket). Without this
    # map the UI loads then hangs "Connecting...". The map sets the Connection
    # header to "upgrade" only when the client requested an upgrade.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    # !!! EDIT THIS: the home box's TAILSCALE IP (100.x.y.z), port 8123 !!!
    # Find it after the home box joins your tailnet: `tailscale ip -4` on that box.
    upstream homeassistant {
        server 100.XX.XX.XX:8123;
    }

    server {
        listen 80;
        server_name ha.manohargupta.com;

        location / {
            proxy_pass http://homeassistant;
            proxy_http_version 1.1;

            # WebSocket upgrade
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;

            # Preserve host + client info so HA's trusted_proxies check passes
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # HA long-lived connections: don't cut them off early
            proxy_read_timeout 3600s;
            proxy_send_timeout 3600s;
            proxy_buffering off;
        }
    }
}