server {
    listen       80;
    server_name  ${SERVER_NAME};

    root         /usr/share/nginx/html;
    index        index.html;

    # ———————————————— Audio + CORS + Key-Check ————————————————
    location ~* \.(opus|flac|ogg|mp3|wav|m4a|aac)$ {

        if ($request_method = 'OPTIONS') {
            add_header Access-Control-Allow-Origin  "*" always;
            add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS" always;
            add_header Access-Control-Allow-Headers "X-API-Key, Content-Type, Keep-Alive, User-Agent, Cache-Control" always;
            add_header Access-Control-Max-Age       1728000 always;
            add_header Content-Length               0;
            return 204;
        }


        if ($http_x_api_key != "${MEDIA_API_KEY}") {
            # (optional) WWW-Authenticate-Header für Clients
            add_header WWW-Authenticate 'API key required' always;
            return 401;
        }

        add_header Access-Control-Allow-Origin  "*" always;
        add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS" always;
        add_header Access-Control-Allow-Headers "X-API-Key, Content-Type, Keep-Alive, User-Agent, Cache-Control" always;

        add_header Cache-Control "public, max-age=2592000" always;

        types {
            audio/opus   opus;
            audio/mpeg   mp3;
            audio/mp4    m4a;
            audio/aac    aac;
            video/mp4    mp4;
            video/webm   webm;
        }

        try_files $uri =404;
    }

    # ———————————————— Alle ande­ren Requests ————————————————
    location / {
        try_files $uri $uri/ =404;
    }
}