upstream websocket_backend {
        ip_hash;
        server 106.53.194.199:8071;
}


# WebSocket代理配置
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}


# 1. 强制 HTTP 转 HTTPS（统一跳转到 www.jennie.im）
server {
    listen 80;
    server_name jennie.im www.jennie.im;
    return 301 https://www.jennie.im$request_uri;
}

# 2. 统一将 jennie.im 重定向到 www.jennie.im（HTTPS 保留）
server {
    listen 443 ssl;
    server_name jennie.im;

    ssl_certificate /data/tengine/certificate/jennie.im.crt;
    ssl_certificate_key /data/tengine/certificate/jennie.im.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    return 301 https://www.jennie.im$request_uri;
}

# 3. 正式服务站点（https://www.jennie.im）
server {
    listen 443 ssl;
    server_name www.jennie.im;

    ssl_certificate /data/tengine/certificate/jennie.im.crt;
    ssl_certificate_key /data/tengine/certificate/jennie.im.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # 单独日志文件
    access_log /data/tengine/logs/www_jennie_im_access.log;
    error_log  /data/tengine/logs/www_jennie_im_error.log;

    location / {
        root  /data/tengine/html/jennie_web/dist/;
        index  index.html index.htm;
        try_files $uri $uri/ /index.html;
    }

    # sit的支付模块
    location /sit-api/payment/webhook/ {
        proxy_pass http://106.53.194.199:8090;  #运维机器的8010代理到sit的8090
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_intercept_errors off;
        proxy_buffering off;
        proxy_cache off;
        proxy_set_header Connection keep-alive;

        add_header 'Access-Control-Allow-Origin' "$http_origin" always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
        add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;

       if ($request_method = OPTIONS ) {
          return 204;
       }
    }

    #国内test机器的邮件服务
    location /test-api/webhook/ {
        proxy_pass http://43.139.181.45:4997/webhook/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_intercept_errors off;
        proxy_buffering off;
        proxy_cache off;
        proxy_set_header Connection keep-alive;

        add_header 'Access-Control-Allow-Origin' "$http_origin" always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
        add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;

       if ($request_method = OPTIONS ) {
          return 204;
       }
    }

    location /dev-api/webhook/ {
        proxy_pass http://106.53.194.199:8091;  #运维机器的8091代理到dev的8090
        proxy_set_header Host 106.53.194.199;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_intercept_errors off;
        proxy_buffering off;
        proxy_cache off;
        proxy_set_header Connection keep-alive;

        add_header 'Access-Control-Allow-Origin' "$http_origin" always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
        add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;

       if ($request_method = OPTIONS ) {
          return 204;
       }
    }


    # WebSocket代理
    location /ws {
        proxy_pass http://websocket_backend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # WebSocket连接超时设置
        proxy_read_timeout 86400;
        proxy_send_timeout 86400;
    }



    # 处理 /sit-api/xxx，转发到 127.0.0.1:5001 --> opt-server
    location /sit-api/ {
        proxy_pass http://127.0.0.1:5001;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #10响应缓冲
        proxy_intercept_errors off;
        proxy_buffering off;
        proxy_cache off;
        proxy_set_header Connection keep-alive;
       #允许跨域
        add_header 'Access-Control-Allow-Origin' "$http_origin" always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
        add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
       #处理预检请求
       if ($request_method = OPTIONS ) {
          return 204;
       }
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}