# Host-based routing: mifi.dev / www.mifi.dev → dev root, mifi.bio / www.mifi.bio → bio root
# Security headers are handled upstream by Traefik

server {
    listen 80 default_server;
    server_name mifi.dev www.mifi.dev;
    root /usr/share/nginx/html/dev;
    index index.html;

    # Map canonical .well-known paths to variant-specific files
    location = /.well-known/security.txt {
        alias $document_root/.well-known/dev.security.txt;
        add_header Cache-Control "public, max-age=86400";
    }
    location = /.well-known/appspecific/com.chrome.devtools.json {
        alias $document_root/.well-known/dev.com.chrome.devtools.json;
        add_header Cache-Control "public, max-age=86400";
    }

    include /etc/nginx/snippets/cache-rules.conf;

    location / {
        try_files $uri $uri/ /index.html;
    }

    error_page 404 /index.html;
}

server {
    listen 80;
    server_name mifi.bio www.mifi.bio;
    root /usr/share/nginx/html/bio;
    index index.html;

    # Map canonical .well-known paths to variant-specific files
    location = /.well-known/security.txt {
        alias $document_root/.well-known/bio.security.txt;
        add_header Cache-Control "public, max-age=86400";
    }
    location = /.well-known/appspecific/com.chrome.devtools.json {
        alias $document_root/.well-known/bio.com.chrome.devtools.json;
        add_header Cache-Control "public, max-age=86400";
    }

    include /etc/nginx/snippets/cache-rules.conf;

    location / {
        try_files $uri $uri/ /index.html;
    }

    error_page 404 /index.html;
}