#!/bin/bash
# 1. Define Backend
APP_SERVER="10.0.14.24:80"

echo "🛠️ Configuring Wallarm Inline Proxy..."

# 2. Write the configuration
sudo bash -c "cat << 'EOF' > /etc/nginx/sites-available/default
server {
    listen 80 default_server;
    server_name _;

    wallarm_mode monitoring;

    location / {
        proxy_pass http://$APP_SERVER;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }

    location /wallarm-status {
        wallarm_status on;
        wallarm_mode off;
        allow 127.0.0.1;
        deny all;
    }
}
EOF"

# 3. Ensure the site is enabled (Ubuntu requirement)
sudo ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default

# 4. Test and Reload
echo "🔍 Testing Nginx..."
if sudo nginx -t; then
    sudo systemctl restart nginx
    echo "✅ SUCCESS: Proxying to $APP_SERVER"
    curl -X GET "http://localhost" -H "accept: application/json"
    curl -I "http://localhost/etc/passwd"
else
    echo "❌ ERROR: Nginx config invalid."
    exit 1
fi