# SEOCheckerPro — Apache Reverse Proxy Configuration
# File: /etc/httpd/conf.d/seocheckerpro-api.conf
#
# This proxies api.seocheckerpro.com → Go server on localhost:8080
#
# On cPanel/WHM servers:
#   1. Place this file in /etc/httpd/conf.d/
#   2. Enable mod_proxy: ensure these modules are loaded (check httpd.conf or use WHM)
#        LoadModule proxy_module modules/mod_proxy.so
#        LoadModule proxy_http_module modules/mod_proxy_http.so
#        LoadModule rewrite_module modules/mod_rewrite.so
#   3. Restart Apache: service httpd restart (or via WHM)
#
# SSL is handled by Let's Encrypt via cPanel AutoSSL — it will add an HTTPS
# VirtualHost block automatically. This config handles the HTTP→HTTPS redirect.
#
# IMPORTANT: If WHM tries to manage this domain as a cPanel account,
# add api.seocheckerpro.com as a "parked domain" or "addon domain" pointing
# to a placeholder directory, then put this config in place.

<VirtualHost *:80>
    ServerName api.seocheckerpro.com
    ServerAlias www.api.seocheckerpro.com

    # Redirect all HTTP to HTTPS
    RewriteEngine On
    RewriteRule ^(.*)$ https://api.seocheckerpro.com$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName api.seocheckerpro.com

    # SSL — Let's Encrypt (AutoSSL fills these in)
    SSLEngine on
    # SSLCertificateFile    /etc/letsencrypt/live/api.seocheckerpro.com/fullchain.pem
    # SSLCertificateKeyFile /etc/letsencrypt/live/api.seocheckerpro.com/privkey.pem

    # ── Proxy to Go server ────────────────────────────────────────────────────
    ProxyPreserveHost On
    ProxyRequests Off

    # Disable proxy for /.well-known (Let's Encrypt challenge)
    ProxyPass /.well-known !

    # Pass everything else to Go
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/

    # ── SSE support ────────────────────────────────────────────────────────────
    # Disable response buffering so SSE events stream immediately
    # Required for /api/audit/seo and /api/tools/broken-links
    SetEnv proxy-nokeepalive 1
    SetEnv proxy-sendchunked 1

    # For SSE endpoints, increase timeout to allow long-running crawls
    ProxyTimeout 300

    # ── Headers ───────────────────────────────────────────────────────────────
    # Pass real client IP to Go (middleware reads CF-Connecting-IP first,
    # then X-Forwarded-For, then RemoteAddr)
    RequestHeader set X-Forwarded-For "%{REMOTE_ADDR}s"
    RequestHeader set X-Forwarded-Proto "https"

    # ── Logging ───────────────────────────────────────────────────────────────
    ErrorLog  /var/log/httpd/seocheckerpro-api-error.log
    CustomLog /var/log/httpd/seocheckerpro-api-access.log combined

    # ── Security headers ──────────────────────────────────────────────────────
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "DENY"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    # HSTS — only enable after SSL is fully working
    # Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</VirtualHost>