log_format apex_log '客户端IP: $remote_addr | 用户: $remote_user | 时间: $time_local | '
                            '请求方法和路径: "$request" | 状态码: $status | 响应大小: $body_bytes_sent | '
                            '来源页面: "$http_referer" | 客户端UA: "$http_user_agent" | '
                            '上游服务器: $upstream_addr | 上游响应耗时: $upstream_response_time | '
                            '请求总耗时: $request_time | Host: $host';

server {
    listen 443 ssl;
    server_name apex.jennie.im;

    ssl_certificate /data/tengine/conf/certificate/jennie.im.crt;
    ssl_certificate_key /data/tengine/conf/certificate/jennie.im.key;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    # 单独日志文件
    access_log /data/tengine/logs/apex_access.log apex_log;
    error_log  /data/tengine/logs/apex_error.log;

    # 前端静态文件
    location / {
        root /data/tengine/html/apex_web/dist;
        index index.html;
        try_files $uri $uri/ /index.html;
    }

    # 缓存控制，确保 JS 文件不缓存老内容
    location ~* \.(js|css|woff2|json|svg)$ {
        root /data/tengine/html/apex_web/dist;
        add_header Cache-Control "no-cache, no-store, must-revalidate"; 
    }


    location /api/ {
        proxy_pass http://127.0.0.1:8200;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_buffering off;
        add_header 'Access-Control-Allow-Origin' "$http_origin" always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
        add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;

        if ($request_method = OPTIONS ) {
            return 204;
        }
    }


    # 错误页面
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /data/tengine/html/apex_web/dist;
    }
}