# 全局配置
user root;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

# 事件处理
events {
    worker_connections 1024;
}

# HTTP 服务器
http {
	include /etc/nginx/mime.types;
	default_type application/octet-stream;
	# HTTPS 服务器监听端口
	# 443
    # HTTP 服务器监听端口
    server {
        listen 80;
        # start 启用https
        listen 443 ssl;
        # 服务器名称
        server_name www.huaruyu.com;
        # 将所有HTTP请求通过rewrite指令重定向到HTTPS。
        # rewrite ^(.*)$ https://$host$1;
        # 填写证书文件绝对路径
        ssl_certificate /etc/nginx/cert/www.huaruyu.com.pem;
        # 填写证书私钥文件绝对路径
        ssl_certificate_key /etc/nginx/cert/www.huaruyu.com.key;

        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;

        # 自定义设置使用的TLS协议的类型以及加密套件（以下为配置示例，请您自行评估是否需要配置）
        # TLS协议版本越高，HTTPS通信的安全性越高，但是相较于低版本TLS协议，高版本TLS协议对浏览器的兼容性较差。
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;

        # 表示优先使用服务端加密套件。默认开启
        ssl_prefer_server_ciphers on;
        # end 启用https

        # 启用 ETag 头，Nginx 会为每个资源生成一个唯一的 ETag 值，当资源更新时，ETag 值会改变。
        etag on;

        # 设置允许跨域的域，* 表示允许任何域，也可以设置特定的域,has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed.
        add_header 'Access-Control-Allow-Origin' '*';
        # 允许的方法
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
        # 允许的头信息字段
        add_header 'Access-Control-Allow-Headers' 'User-Agent,Keep-Alive,Content-Type,Authorization,Origin' always;
        # 缓存时间
        add_header 'Access-Control-Max-Age' 1728000 always;
        # 预检请求的处理
        if ($request_method = 'OPTIONS') {
            return 204;
        }
        # 访问日志路径
        access_log /var/log/nginx/access.log;
        # 站点根目录
        root /usr/share/nginx/html;
        # 代理配置
        location / {
            # 默认页面
            index index.html index.htm;
            try_files $uri $uri.html $uri/ =404;
            # try_files $uri $uri/ =404;
        }

        # 第二个页面的配置
        location ^~ /mobile/ {
#             index index.html index.htm;
#             try_files $uri $uri.html $uri/ =404;
            alias /usr/share/nginx/html/mobile/;
            index index.html index.htm;
            try_files $uri $uri/ /mobile/index.html;
        }

        location ^~ /todo-server/ {
            # 预检请求的处理
            if ($request_method = 'OPTIONS') {
                return 204;
            }
            # rewrite ^/todo-server/(.*)$ /$1 break;
            proxy_pass              http://huayu-platform-todo:8092/;
            proxy_set_header        Host $http_host;
            proxy_set_header        X-Real-IP $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            client_body_buffer_size 16k;
            client_max_body_size  100M;
        }
        location ^~ /security-server/ {
            # 预检请求的处理
            if ($request_method = 'OPTIONS') {
                return 204;
            }
            # rewrite ^/security-server/(.*)$ /$1 break;
            proxy_pass              http://huayu-platform-security:8091/;
            proxy_set_header        Host $http_host;
            proxy_set_header        X-Real-IP $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            client_body_buffer_size 16k;
            client_max_body_size  100M;

        }
        location /task/ {
            # 预检请求的处理
            if ($request_method = 'OPTIONS') {
                return 204;
            }
            rewrite ^/task/(.*)$ /task/$1.html break;
        }
        # 静态文件缓存配置
        location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
            expires 7d;
            access_log off;
        }
    }
}