# deploy/apache-reverse-proxy.conf
#
# cPanel/WHM regenerates each domain's main vhost config automatically
# (e.g. whenever you touch DNS, SSL, or run /scripts/rebuildhttpdconf), which
# would silently WIPE any reverse-proxy directives you hand-edit directly
# into /etc/apache2/conf.d/... . Instead, cPanel provides a persistent
# "userdata" include mechanism that survives those regenerations.
#
# INSTALL (as root via SSH):
#
#   1. Make sure mod_proxy + mod_proxy_http are enabled in EasyApache 4:
#        whmapi1 check_module_installed module=ea-apache24-mod_proxy_http
#      If not installed:
#        yum install ea-apache24-mod_proxy_http ea-apache24-mod_proxy
#
#   2. Copy this file's contents into the domain's persistent pre-include:
#
#        mkdir -p /etc/apache2/conf.d/userdata/ssl/2_4/CPANELUSER/yourdomain.com
#        mkdir -p /etc/apache2/conf.d/userdata/std/2_4/CPANELUSER/yourdomain.com
#        cp deploy/apache-reverse-proxy.conf \
#           /etc/apache2/conf.d/userdata/std/2_4/CPANELUSER/yourdomain.com/proxy.conf
#        cp deploy/apache-reverse-proxy.conf \
#           /etc/apache2/conf.d/userdata/ssl/2_4/CPANELUSER/yourdomain.com/proxy.conf
#
#      Replace CPANELUSER with your actual cPanel account username, and
#      yourdomain.com with the domain/subdomain pointed at this app.
#      The "std" copy covers plain HTTP (port 80, mostly used for the
#      Let's Encrypt/AutoSSL challenge + redirect-to-https), the "ssl" copy
#      covers HTTPS (port 443) — you generally want both present so AutoSSL
#      keeps working AND the live site proxies correctly.
#
#   3. Rebuild and reload Apache:
#        /scripts/rebuildhttpdconf
#        /scripts/restartsrv_httpd
#
#   4. Verify: `apachectl -t` should print "Syntax OK" before you reload.

ProxyPreserveHost On
ProxyRequests Off

# Forward everything to the local Next.js server started by PM2
# (see ecosystem.config.js — matches the `PORT: "3050"` there).
ProxyPass / http://127.0.0.1:3050/ retry=0 timeout=60
ProxyPassReverse / http://127.0.0.1:3050/

# Forward the real client IP/protocol so NextAuth's cookie logic and any
# request logging see the true scheme (https) instead of the internal
# proxy's plain-http connection.
RequestHeader set X-Forwarded-Proto "https" env=HTTPS
RequestHeader set X-Forwarded-Proto "http" env=!HTTPS
