server {
    listen 80;
    root /usr/share/nginx/html;
    index index.html;

    # Proxy /api/* → football-data.org, injecting the API key server-side
    location /api/ {
        proxy_pass         https://api.football-data.org/v4/;
        proxy_set_header   Host api.football-data.org;
        proxy_set_header   X-Auth-Token ${FOOTBALL_API_KEY};
        proxy_ssl_server_name on;
        proxy_hide_header  Access-Control-Allow-Origin;
        add_header         Access-Control-Allow-Origin $http_origin always;
    }

    # SPA fallback: all unmatched routes serve index.html
    location / {
        try_files $uri $uri/ /index.html;
    }
}