# 情绪博物馆主站配置
server {
    listen 80;
    server_name localhost emotion-museum.com www.emotion-museum.com;
    
    # 安全头
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;

    # API代理
    location /api/ {
        # 限流
        limit_req zone=api burst=20 nodelay;
        
        # 代理到网关
        proxy_pass http://emotion_gateway;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # 超时设置
        proxy_connect_timeout 30s;
        proxy_send_timeout 30s;
        proxy_read_timeout 30s;
        
        # 缓存控制
        proxy_cache_bypass $http_upgrade;
        proxy_no_cache $http_upgrade;
        
        # WebSocket支持
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # 静态资源代理
    location / {
        # 限流
        limit_req zone=web burst=50 nodelay;
        
        # 代理到前端应用
        proxy_pass http://emotion_web;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # 缓存设置
        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
            proxy_pass http://emotion_web;
            proxy_set_header Host $host;
            expires 30d;
            add_header Cache-Control "public, immutable";
            add_header Vary "Accept-Encoding";
        }
        
        # HTML文件不缓存
        location ~* \.(html|htm)$ {
            proxy_pass http://emotion_web;
            proxy_set_header Host $host;
            expires -1;
            add_header Cache-Control "no-cache, no-store, must-revalidate";
            add_header Pragma "no-cache";
        }
    }

    # 健康检查
    location /nginx-health {
        access_log off;
        return 200 "healthy\n";
        add_header Content-Type text/plain;
    }

    # 错误页面
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}

# HTTPS配置 (可选)
# server {
#     listen 443 ssl http2;
#     server_name emotion-museum.com www.emotion-museum.com;
#     
#     # SSL证书配置
#     ssl_certificate /etc/nginx/ssl/emotion-museum.crt;
#     ssl_certificate_key /etc/nginx/ssl/emotion-museum.key;
#     
#     # SSL安全配置
#     ssl_protocols TLSv1.2 TLSv1.3;
#     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
#     ssl_prefer_server_ciphers off;
#     ssl_session_cache shared:SSL:10m;
#     ssl_session_timeout 10m;
#     
#     # HSTS
#     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#     
#     # 其他配置与HTTP相同
#     include /etc/nginx/conf.d/emotion-museum-common.conf;
# }

# HTTP重定向到HTTPS (可选)
# server {
#     listen 80;
#     server_name emotion-museum.com www.emotion-museum.com;
#     return 301 https://$server_name$request_uri;
# }