server {

  listen 443 ssl;
  server_name kopama.com.pl www.kopama.com.pl;
  
  server_tokens off; 

  ssl_certificate      /letsencrypt/live/kopama.com.pl/fullchain.pem;
  ssl_certificate_key  /letsencrypt/live/kopama.com.pl/privkey.pem;
   
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers         HIGH:!aNULL:!MD5;
 
 
  location / {
  
         # Ograniczenie liczby żądań
        limit_req zone=ip_limit burst=20 nodelay;
        
        proxy_pass http://arti24-container:3335;
        
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto   $scheme;
        proxy_set_header    Host                $host;
        proxy_set_header    X-Forwarded-Host    $host;
        proxy_set_header    X-Forwarded-Port    $server_port;
        
        
        # timeouty
        proxy_connect_timeout 3s;   # max czas na połączenie z backendem
        proxy_read_timeout    3s;   # max czas oczekiwania na odpowiedź
        proxy_send_timeout    3s;

        # jeżeli backend nie odpowie albo zwróci 502/503/504 -> fallback
        proxy_intercept_errors on;
        proxy_next_upstream error timeout http_502 http_503 http_504;

        error_page 502 503 504 504 = @fallback;
    
 
   }
   
   location @fallback {
        return 302 https://kopama.pl$request_uri;
   }
        
     
}