server {
    listen 80;
    server_name tasteengine.example.com;

    # Static files — served directly by nginx, Flask never touched
    location /static/ {
        alias /home/abdallah/recommender-project/TasteEngine/static/;
        expires 7d;
        add_header Cache-Control "public, immutable";
    }

    # Application proxy
    location / {
        proxy_pass http://127.0.0.1:5000;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # CRITICAL: disable buffering for SSE/streaming endpoints (SVD evaluation)
        proxy_buffering off;
        proxy_cache off;

        # Timeouts
        proxy_connect_timeout 60s;
        proxy_read_timeout 180s;
        proxy_send_timeout 60s;
    }

    # Optional: rate limiting on recommendation API
    location /api/recommend {
        limit_req zone=recommend burst=5 nodelay;
        proxy_pass http://127.0.0.1:5000;
    }

    # SSL (uncomment after running certbot)
    # listen 443 ssl;
    # ssl_certificate /etc/letsencrypt/live/tasteengine.example.com/fullchain.pem;
    # ssl_certificate_key /etc/letsencrypt/live/tasteengine.example.com/privkey.pem;
}

# Rate limiting zone definition
limit_req_zone $binary_remote_addr zone=recommend:10m rate=10r/s;