upstream api_upstream {
   server 127.0.0.1:20000;  # 使用容器名
}

# HTTP服务器配置，重定向所有请求到HTTPS
server {
    listen 80;
    server_name boss.mhaya.one bossapi.mhaya.one;

    # 允许所有来源的请求
    add_header 'Access-Control-Allow-Origin' '*';

    # 允许的 HTTP 方法
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE, HEAD';

    # 允许的 HTTP 头
    add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization';

    # 预检请求的有效期（单位：秒）
    add_header 'Access-Control-Max-Age' 1728000;

    # 允许携带凭证（如 cookies）
    add_header 'Access-Control-Allow-Credentials' 'true';

    # 重定向所有 HTTP 请求到 HTTPS
    return 301 https://$host$request_uri;
}


server {
    listen 443 ssl;
    server_name boss.mhaya.one bossapi.mhaya.one;


    ssl_certificate /www/nginx/ca.crt;
    ssl_certificate_key /www/nginx/ca.key;
    ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers  on;


    # 如果需要提供静态文件（如 index.html, js, css 等）
    location / {
        root /home/web-mobile;  # 指向你的前端构建目录
        try_files $uri $uri/ /index.html;  # 重定向所有未找到的路径到 index.html
    }

    location /api/ {
        proxy_pass http://api_upstream/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}