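# The page repeated this configuration five times, collapsed onto long lines.
# It is given once here, one directive per line; the zone and cache-key
# directives in this first section can only be declared once per http context.
#
# Review changes against the original text:
#   * Deny rules for dotfiles / build manifests moved ahead of the other regex
#     locations (nginx uses the first regex location that matches).
#   * Security headers re-declared in every location that sets its own
#     add_header (those locations do not inherit the server-level set).
#   * Query-string cache-skip regex no longer matches an empty query string.

# Rate limiting zones (keyed on client address)
limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=login:10m rate=5r/m;

# FastCGI cache zone
fastcgi_cache_path /var/cache/nginx/fastcgi levels=1:2 keys_zone=laravel:100m max_size=1g inactive=60m use_temp_path=off;
fastcgi_cache_key "$scheme$request_method$host$request_uri";

# HTTP to HTTPS redirect
server {
    listen 80;
    listen [::]:80;
    server_name amazingarchitecture.com www.amazingarchitecture.com;
    return 301 https://amazingarchitecture.com$request_uri;
}

# WWW to non-WWW redirect
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.amazingarchitecture.com;

    ssl_certificate /etc/letsencrypt/live/amazingarchitecture.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/amazingarchitecture.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # Same HSTS policy as the main server, so a client whose first HTTPS
    # visit is to www also records it.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    return 301 https://amazingarchitecture.com$request_uri;
}

# Main server block
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name amazingarchitecture.com;

    root /var/www/html/amazing/public;
    index index.php index.html;
    charset utf-8;

    # SSL Configuration
    ssl_certificate /etc/letsencrypt/live/amazingarchitecture.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/amazingarchitecture.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # Security headers.
    # add_header is inherited from this level only by locations that declare
    # no add_header of their own, so every location below that adds a header
    # repeats this set.
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    # Legacy header: most current browsers ignore it. A Content-Security-Policy
    # is the effective control against script injection.
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    # Logging
    access_log /var/log/nginx/amazingarchitecture-access.log;
    error_log /var/log/nginx/amazingarchitecture-error.log error;

    # Security: deny access to sensitive files.
    # Kept ahead of every other regex location: nginx stops at the first regex
    # that matches, so when these came last a path such as /webpack.mix.js or
    # /gulpfile.js was claimed by the static-asset rule and never denied.
    location ~ /\.(?!well-known).* {
        deny all;
    }

    location ~ ^/(\.env|\.git|composer\.(json|lock)|package\.json|gulpfile\.js|webpack\.mix\.js) {
        deny all;
    }

    # Static assets with long-term caching
    location ~* \.(jpg|jpeg|png|gif|ico|svg|webp|avif)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        add_header Vary "Accept-Encoding";
        # Security headers re-declared (see note at server level).
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        try_files $uri =404;
        access_log off;
    }

    location ~* \.(css|js|woff|woff2|ttf|eot)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        add_header Vary "Accept-Encoding";
        # Security headers re-declared (see note at server level).
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        try_files $uri =404;
        access_log off;
    }

    # Laravel storage files with moderate caching.
    # "^~" stops regex matching for this prefix: files here are never passed
    # to PHP-FPM, and the server-level dotfile deny does not apply, so it is
    # repeated as a nested location. nosniff matters most here if this
    # directory holds user uploads.
    location ^~ /storage/ {
        location ~ /\. {
            deny all;
        }

        expires 30d;
        add_header Cache-Control "public";
        add_header Vary "Accept-Encoding";
        # Security headers re-declared (see note at server level).
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        try_files $uri =404;
        access_log off;
    }

    # Favicon and robots.txt
    location = /favicon.ico {
        expires 1y;
        add_header Cache-Control "public, immutable";
        # Security headers re-declared (see note at server level).
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        access_log off;
        log_not_found off;
    }

    location = /robots.txt {
        expires 1d;
        add_header Cache-Control "public";
        # Security headers re-declared (see note at server level).
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        access_log off;
        log_not_found off;
    }

    # Rate limiting for login routes.
    # NOTE(review): the pattern is a prefix match, so any path that merely
    # starts with one of these words (e.g. /users) is also held to 5r/m.
    # Confirm that is intended.
    location ~ ^/(login|register|password|revabar|user) {
        limit_req zone=login burst=3 nodelay;
        try_files $uri $uri/ /index.php?$query_string;
    }

    # Rate limiting for API routes
    location ^~ /api/ {
        limit_req zone=api burst=20 nodelay;
        try_files $uri $uri/ /index.php?$query_string;
    }

    # Main location block with caching
    location / {
        try_files $uri $uri/ @laravel;
    }

    location @laravel {
        # Skip cache for certain conditions
        set $skip_cache 0;

        # Skip cache for POST requests
        if ($request_method = POST) {
            set $skip_cache 1;
        }

        # Skip cache for URLs with query parameters (except utm_ parameters).
        # Matches when any parameter does not start with "utm_". The earlier
        # pattern "^(?!utm_).*" also matched an empty query string, which
        # switched the cache off for every request without utm_ arguments.
        if ($args ~ "(^|&)(?!utm_)[^&]") {
            set $skip_cache 1;
        }

        # Skip cache for admin/dashboard URLs
        if ($uri ~ "^/(admin|dashboard|login|register)") {
            set $skip_cache 1;
        }

        # Skip cache for logged-in users (check for Laravel session cookie).
        # NOTE(review): Laravel derives the session cookie name from APP_NAME
        # by default; confirm it really is "laravel_session" on this site,
        # otherwise this guard never fires. nginx does not store responses
        # that carry Set-Cookie unless told to ignore that header, which is
        # the second line of defence against caching per-user pages.
        if ($http_cookie ~* "laravel_session") {
            set $skip_cache 1;
        }

        fastcgi_cache_bypass $skip_cache;
        fastcgi_no_cache $skip_cache;
        fastcgi_cache laravel;
        fastcgi_cache_valid 200 301 302 10m;
        fastcgi_cache_valid 404 1m;
        fastcgi_cache_use_stale error timeout invalid_header updating http_500 http_503;
        fastcgi_cache_background_update on;
        fastcgi_cache_lock on;

        add_header X-Cache-Status $upstream_cache_status;
        # Security headers re-declared: without them every application page
        # served from this location went out with no HSTS, framing or
        # nosniff header, because of the X-Cache-Status line above.
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

        include fastcgi_params;
        # Fixed script path: every request in this location runs index.php,
        # whatever the request URI was.
        fastcgi_param SCRIPT_FILENAME $document_root/index.php;
        fastcgi_param SCRIPT_NAME /index.php;
        fastcgi_param REQUEST_URI $request_uri;
        fastcgi_param QUERY_STRING $args;
        fastcgi_param REQUEST_METHOD $request_method;
        fastcgi_param CONTENT_TYPE $content_type;
        fastcgi_param CONTENT_LENGTH $content_length;

        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
        fastcgi_index index.php;
        fastcgi_intercept_errors off;

        # Optimized FastCGI buffers
        fastcgi_buffer_size 32k;
        fastcgi_buffers 8 32k;
        fastcgi_busy_buffers_size 64k;
        fastcgi_temp_file_write_size 64k;

        # Timeouts
        fastcgi_connect_timeout 60s;
        fastcgi_send_timeout 60s;
        fastcgi_read_timeout 60s;
    }

    # PHP files (fallback for direct PHP access).
    # try_files makes nginx answer 404 itself when the script does not exist,
    # so PHP-FPM is never handed a path it would have to guess at.
    # NOTE(review): any .php file under the document root is executable
    # through this block; if index.php is the only expected entry point,
    # consider narrowing the match.
    location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
        fastcgi_index index.php;

        # Same buffer settings as above
        fastcgi_buffer_size 32k;
        fastcgi_buffers 8 32k;
        fastcgi_busy_buffers_size 64k;
        fastcgi_temp_file_write_size 64k;

        fastcgi_connect_timeout 60s;
        fastcgi_send_timeout 60s;
        fastcgi_read_timeout 60s;
    }

    # Compression
    # NOTE(review): compressed HTTPS responses that mix reflected request data
    # with secrets are the precondition for BREACH-style length leaks; confirm
    # how the application handles tokens in HTML responses.
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types
        application/atom+xml
        application/geo+json
        application/javascript
        application/x-javascript
        application/json
        application/ld+json
        application/manifest+json
        application/rdf+xml
        application/rss+xml
        application/xhtml+xml
        application/xml
        font/eot
        font/otf
        font/ttf
        image/svg+xml
        text/css
        text/javascript
        text/plain
        text/xml;

    # Brotli compression (if available)
    # brotli on;
    # brotli_comp_level 6;
    # brotli_min_length 1024;
    # brotli_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
}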