upstream official_backend {
    server 10.0.0.5:3000;         # 机器A的内网地址
    server 10.0.0.15:3000;         # 机器B的内网地址
}

upstream new_official_backend {
    server 10.0.0.5:3003;
    server 10.0.0.15:3003;
}

log_format  official_log  '$remote_addr - $remote_user [$time_local] '
                          '"$request" $status $body_bytes_sent '
                          '"$http_referer" "$http_user_agent" '
                          'upstream_addr=$upstream_addr '
                          'upstream_status=$upstream_status '
                          'upstream_response_time=$upstream_response_time '
                          'request_time=$request_time';

 # 1. 强制 HTTP 转 HTTPS（统一跳转到 www.lessie.ai）
server {
    listen 80;
    server_name lessie.ai www.lessie.ai;
    return 301 https://lessie.ai$request_uri;
}

 # 2. 统一将 www.lessie.ai 重定向到 lessie.ai（HTTPS 保留）
server {
    listen 443 ssl;
    server_name www.lessie.ai;

    ssl_certificate /data/tengine/certificate/lessie.ai.pem;
    ssl_certificate_key /data/tengine/certificate/lessie.ai.key;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

     # 清除 HSTS
    add_header Strict-Transport-Security "max-age=0; includeSubDomains" always;

    return 301 https://lessie.ai$request_uri;
}

 # 3. 正式服务站点（https://lessie.ai）
server {
    listen 443 ssl;
    server_name lessie.ai;

    ssl_certificate /data/tengine/certificate/lessie.ai.pem;
    ssl_certificate_key /data/tengine/certificate/lessie.ai.key;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    access_log /data/tengine/logs/lessie.ai.access.log  official_log;
    error_log /data/tengine/logs/lessie.ai.error.log;

    # 1. 新框架的业务页面逻辑
    location ~ "^/([a-z]{2}(-[a-z]{2})?/)?(influencer-marketing|b2b-lead-generation|investor-scouting|recruiting|partnerships)" {
        proxy_pass http://new_official_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # 2. 静态资源分流 (核心逻辑)
    location ~ ^/(_next/|__nuxt/|.*\.json) {
        # 默认给老项目 (3000端口)
        set $target_upstream http://official_backend;

        # 只有当来源页面 (Referer) 明确包含新项目的关键字时，才改发到 3003
        if ($http_referer ~* "(influencer-marketing|b2b-lead-generation|investor-scouting|recruiting|partnerships)") {
            set $target_upstream http://new_official_backend;
        }

        proxy_pass $target_upstream;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

     # 反向代理到后端服务器渲染的nxut项目3000端口(老框架的完整页面)
    location / {
        proxy_pass http://official_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }

    location /video/ {
        root /data/tengine/html/lessie_official;
        expires 30d;
        add_header Cache-Control "public";
        add_header Accept-Ranges bytes;
    }

    # 禁止 logo 缓存（默认给用户方形）
    location = /favicon.svg {
        # 判断 UA，如果是 Googlebot，改写路径
        if ($http_user_agent ~* "(Googlebot|Bingbot)") {
            rewrite ^/favicon.svg$ /favicon-google.svg last;
        }

        proxy_pass http://official_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;

        add_header Cache-Control "no-cache, no-store, must-revalidate" always;
        add_header Pragma "no-cache" always;
        add_header Expires 0 always;
    }

    # Googlebot 专用 favicon 文件（圆形图标）
    location = /favicon-google.svg {
        root /data/tengine/html/lessie_official;
        add_header Cache-Control "no-cache, no-store, must-revalidate" always;
        add_header Pragma "no-cache" always;
        add_header Expires 0 always;
    }

    # 第三方邮件SendGrid平台调用
    location /prod-api/webhook/ {
        proxy_pass http://129.204.158.54:4997/webhook/; 
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_intercept_errors off;
        proxy_buffering off;
        proxy_cache off;
        proxy_set_header Connection keep-alive;

        add_header 'Access-Control-Allow-Origin' "$http_origin" always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
        add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;

       if ($request_method = OPTIONS ) {
          return 204;
       }
    }

    # 第三方支付平台调用
    location /payment/  / {
        proxy_pass http://129.204.158.54:8090; 
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_intercept_errors off;
        proxy_buffering off;
        proxy_cache off;
        proxy_set_header Connection keep-alive;

        add_header 'Access-Control-Allow-Origin' "$http_origin" always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
        add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;

       if ($request_method = OPTIONS ) {
          return 204;
       }
    }
}