# ============================================================
# cPanel Passenger Configuration
# Domain:   kiannash.ca
# Username: nashkris
# App path: /home/nashkris/public_html/kiannash.ca/BEACONAPLR/school_camera_app
# ============================================================

PassengerEnabled On
PassengerAppRoot /home/nashkris/public_html/kiannash.ca/BEACONAPLR/school_camera_app
PassengerStartupFile passenger_wsgi.py
PassengerAppType wsgi
PassengerAppEnv production

# Python virtualenv - adjust 3.10 to match your Python version in Setup Python App
PassengerPython /home/nashkris/virtualenv/public_html/kiannash.ca/BEACONAPLR/school_camera_app/3.10/bin/python

# ── Rewrite rules ────────────────────────────────────────────
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /

    # Serve real files and directories directly (static assets)
    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^ - [L]

    # Everything else → Passenger
    RewriteRule ^ passenger_wsgi.py [L]
</IfModule>

# ── Static file caching ──────────────────────────────────────
<FilesMatch "\.(jpg|jpeg|png|gif|ico|css|js|mp3|html|svg|woff2?)$">
    Header set Cache-Control "max-age=86400, public"
</FilesMatch>

# ── CORS (needed for WebSocket and API calls) ────────────────
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
Header set Access-Control-Allow-Headers "Content-Type, Authorization"

# ── Security headers ─────────────────────────────────────────
Header set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "SAMEORIGIN"
Header set X-XSS-Protection "1; mode=block"

# ── Compression ──────────────────────────────────────────────
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/css application/javascript application/json
</IfModule>
