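# Edge reverse proxy: routes requests by Host header to one of two
# in-cluster ingress controllers (internal for *.dev, external for the rest).
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    # Basic config
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    # We define two upstreams: external and internal
    upstream external_ingress {
        server nginx-external.ingress-nginx.svc.cluster.local:80;
    }

    upstream internal_ingress {
        server nginx-internal.ingress-nginx.svc.cluster.local:80;
    }

    # Server block for HTTP (port 80)
    server {
        listen 80 default_server;
        server_name _;

        # For infra.mrcynic.site
        # (We do a separate server block for clarity. Could be done with if/host checks.)
        # NOTE(review): this catch-all has no location or return, so any Host
        # that matches neither regex below gets nginx's built-in default
        # handling. Decide explicitly what unmatched hosts should receive.
    }

    # dev.mrcynic.site - allow only LAN
    # This block must stay ahead of the generic *.mrcynic.site block: nginx
    # uses the first matching regex server_name in file order, and the generic
    # pattern also matches *.dev.mrcynic.site.
    # NOTE(review): the bare host dev.mrcynic.site does not match this pattern
    # (a label is required before ".dev") and falls through to the external
    # block below - confirm that is intended.
    server {
        listen 80;
        # The source had "(?.+)", which is not a valid group; the capture is
        # never referenced, so a plain group is used.
        server_name ~^(.+)\.dev\.mrcynic\.site$;

        # Enforce the "LAN only" intent stated above; without these lines the
        # internal ingress is reachable by any client that sends a matching
        # Host header. The private ranges are a broad default: narrow them to
        # the real LAN CIDR. If a load balancer or NAT fronts this proxy,
        # $remote_addr is that hop's address and this check needs revisiting.
        allow 10.0.0.0/8;
        allow 172.16.0.0/12;
        allow 192.168.0.0/16;
        deny all;

        location / {
            proxy_pass http://internal_ingress;
            proxy_set_header Host $host;
            # Overwrites any client-supplied X-Real-IP with the TCP peer address.
            proxy_set_header X-Real-IP $remote_addr;
        }
    }

    # Every other *.mrcynic.site host goes to the external ingress.
    server {
        listen 80;
        # Same group repair as in the dev block.
        server_name ~^(.+)\.mrcynic\.site$;

        location / {
            proxy_pass http://external_ingress;
            proxy_set_header Host $host;
            # Overwrites any client-supplied X-Real-IP with the TCP peer address.
            proxy_set_header X-Real-IP $remote_addr;
        }
    }
}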