# HTTP -> HTTPS 强制跳转
server {
    listen 80;
    server_name m.cytx.csybhelp.com;

    # ACME HTTP-01 验证路径放行
    location /.well-known/acme-challenge/ {
        root /home/acme-challenge;
    }

    # HTTP 跳转 HTTPS
    location / {
        rewrite ^(.*)$ https://$server_name$1 permanent;
    }
}

# HTTPS
server {
    listen 443 ssl;
    http2 on;
    server_name m.cytx.csybhelp.com;

    access_log /home/wwwlogs/m_cytx_csybhelp_com_access.log;
    error_log /home/wwwlogs/m_cytx_csybhelp_com_error.log;

    ssl_certificate cert/m_cytx_csybhelp_com_fullchain.pem;
    ssl_certificate_key cert/m_cytx_csybhelp_com_privkey.pem;

    # Gzip
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml+rss application/json application/javascript;

    # H5 前端（history 模式）
    location / {
        root /home/www/cytx_h5_html/;
        index index.html index.htm;
        try_files $uri $uri/ /index.html;

        client_max_body_size 100m;
        proxy_connect_timeout 300s;
        proxy_send_timeout 300s;
        proxy_read_timeout 300s;

        add_header Cache-Control no-cache;
        add_header Access-Control-Allow-Credentials true;
        add_header Access-Control-Allow-Origin $http_origin;
        add_header Access-Control-Allow-Headers $http_access_control_request_headers;
    }

    # H5 API 代理（/pro-api -> Node，去掉前缀）
    location /pro-api/ {
        rewrite ^/pro-api/(.*)$ /$1 break;
        proxy_pass http://127.0.0.1:8361;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # API 直接代理（/api -> Node）
    location /api/ {
        proxy_pass http://127.0.0.1:8361;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # Nginx 状态
    location /nginx_status {
        stub_status on;
        access_log off;
    }

    # 隐藏文件
    location ~ /\. {
        #deny all;
    }
}