# 情绪博物馆主站配置
#
# 部署方式说明：
# 1. Docker Compose部署（推荐）：使用容器服务名，如 emotion-gateway:9000, emotion-web:80
# 2. 混合部署：Nginx在Docker中，服务在宿主机，使用 localhost:9000 或 host.docker.internal:9000
# 3. 本地部署：Nginx在宿主机，使用 localhost:9000 或 127.0.0.1:9000
#
# 当前配置适用于：Docker Compose部署（所有服务都在Docker网络中）

server {
    listen 80;
    server_name localhost emotion-museum.com www.emotion-museum.com;

    # 日志配置
    access_log /data/logs/nginx/nginx_access.log main;
    error_log /data/logs/nginx/nginx_error.log warn;

    # 安全头
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;

    # API代理到网关服务 (Docker容器内部端口9000)
    location /api/ {
        # 限流
        limit_req zone=api burst=20 nodelay;

        # 代理到网关服务 (Docker容器)
        proxy_pass http://emotion-gateway:9000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # 超时设置
        proxy_connect_timeout 30s;
        proxy_send_timeout 30s;
        proxy_read_timeout 30s;

        # 缓存控制
        proxy_cache_bypass $http_upgrade;
        proxy_no_cache $http_upgrade;

        # WebSocket支持
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # 前端静态文件服务 (代理到前端容器)
    location / {
        # 限流
        limit_req zone=web burst=50 nodelay;

        # 代理到前端容器
        proxy_pass http://emotion-web:80;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # 超时设置
        proxy_connect_timeout 10s;
        proxy_send_timeout 10s;
        proxy_read_timeout 10s;
    }

    # 静态资源缓存优化
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
        proxy_pass http://emotion-web:80;
        expires 30d;
        add_header Cache-Control "public, immutable";
        add_header Vary "Accept-Encoding";
    }

    # HTML文件不缓存
    location ~* \.(html|htm)$ {
        proxy_pass http://emotion-web:80;
        expires -1;
        add_header Cache-Control "no-cache, no-store, must-revalidate";
        add_header Pragma "no-cache";
    }

    # 健康检查
    location /nginx-health {
        access_log off;
        return 200 "healthy\n";
        add_header Content-Type text/plain;
    }

    # 错误页面
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}

# HTTPS配置 (可选)
# server {
#     listen 443 ssl http2;
#     server_name emotion-museum.com www.emotion-museum.com;
#     
#     # SSL证书配置
#     ssl_certificate /etc/nginx/ssl/emotion-museum.crt;
#     ssl_certificate_key /etc/nginx/ssl/emotion-museum.key;
#     
#     # SSL安全配置
#     ssl_protocols TLSv1.2 TLSv1.3;
#     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
#     ssl_prefer_server_ciphers off;
#     ssl_session_cache shared:SSL:10m;
#     ssl_session_timeout 10m;
#     
#     # HSTS
#     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#     
#     # 其他配置与HTTP相同
#     include /etc/nginx/conf.d/emotion-museum-common.conf;
# }

# HTTP重定向到HTTPS (可选)
# server {
#     listen 80;
#     server_name emotion-museum.com www.emotion-museum.com;
#     return 301 https://$server_name$request_uri;
# }

# ========================================
# 备用配置：非Docker部署方式
# ========================================
# 如果不使用Docker Compose，而是直接在服务器上部署，
# 请注释掉上面的配置，启用下面的配置

# server {
#     listen 80;
#     server_name localhost;
#
#     # 日志配置
#     access_log /var/log/nginx/access.log;
#     error_log /var/log/nginx/error.log warn;
#
#     # API代理到宿主机服务
#     location /api/ {
#         # 选择以下其中一种配置：
#
#         # 方式1：使用localhost（推荐）
#         proxy_pass http://localhost:9000/;
#
#         # 方式2：使用127.0.0.1
#         # proxy_pass http://127.0.0.1:9000/;
#
#         # 方式3：使用服务器IP（替换为实际IP）
#         # proxy_pass http://192.168.1.100:9000/;
#
#         proxy_set_header Host $host;
#         proxy_set_header X-Real-IP $remote_addr;
#         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#         proxy_set_header X-Forwarded-Proto $scheme;
#
#         proxy_connect_timeout 30s;
#         proxy_send_timeout 30s;
#         proxy_read_timeout 30s;
#     }
#
#     # 前端静态文件（直接从文件系统提供）
#     location / {
#         root /data/www/emotion-museum;
#         index index.html index.htm;
#         try_files $uri $uri/ /index.html;
#
#         # 静态资源缓存
#         location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
#             root /data/www/emotion-museum;
#             expires 30d;
#             add_header Cache-Control "public, immutable";
#         }
#     }
#
#     # 健康检查
#     location /health {
#         proxy_pass http://localhost:9000/actuator/health;
#     }
# }