# Nginx 配置 - 少儿智慧阅读
# 在宝塔面板中配置此反向代理

#==============================
# 在宝塔面板的操作步骤:
# 1. 网站 → 添加站点 → 创建站点
# 2. 域名：输入你的域名（如 reading.ycapp.cn）
# 3. 根目录：/www/wwwroot/reading.ycapp.cn
# 4. 数据库：PHP 纯静态（前端已构建好）
# 5. 确定后，点击网站 → 设置 → 配置文件
# 6. 将以下配置粘贴到配置文件中
#==============================

server {
    listen 80;
    server_name reading.ycapp.cn;  # 修改为你的域名

    # 前端静态文件根目录
    root /www/wwwroot/reading.ycapp.cn;
    index index.html;

    # 前端页面路由（Vue Router history 模式支持）
    location / {
        try_files $uri $uri/ /index.html;
    }

    # 后端 API 反向代理
    location /api {
        proxy_pass http://localhost:8480;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # 超时设置
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;

        # 跨域支持（如果需要）
        add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS';
        add_header Access-Control-Allow-Headers 'Content-Type, Authorization';

        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin *;
            add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS';
            add_header Access-Control-Allow-Headers 'Content-Type, Authorization';
            add_header Content-Type 'text/plain; charset=utf-8';
            add_header Content-Length 0;
            return 204;
        }
    }

    # 文件上传代理
    location /uploads {
        proxy_pass http://localhost:8480;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }

    # 静态资源缓存
    location ~* \.(jpg|jpeg|png|gif|svg|ico|css|js|woff|woff2|ttf|eot)$ {
        expires 30d;
        add_header Cache-Control "public, immutable";
    }

    # 禁止访问隐藏文件
    location ~ /\. {
        deny all;
    }

    # 安全头
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
}

#==============================
# HTTPS 配置（启用 SSL 后使用此配置）
#==============================
# 在宝塔面板 → 网站 → SSL → Let's Encrypt 免费申请证书
# 申请成功后会自动生成以下配置

# server {
#     listen 443 ssl http2;
#     server_name reading.ycapp.cn;
#     ssl_certificate /www/server/panel/vhost/certs/reading.ycapp.cn/fullchain.pem;
#     ssl_certificate_key /www/server/panel/vhost/certs/reading.ycapp.cn/privkey.pem;
#
#     # SSL 优化
#     ssl_protocols TLSv1.2 TLSv1.3;
#     ssl_ciphers HIGH:!aNULL:!MD5;
#     ssl_prefer_server_ciphers on;
#     ssl_session_cache shared:SSL:10m;
#     ssl_session_timeout 10m;
#
#     root /www/wwwroot/reading.ycapp.cn;
#     index index.html;
#
#     location / {
#         try_files $uri $uri/ /index.html;
#     }
#
#     location /api {
#         proxy_pass http://localhost:8480;
#         proxy_set_header Host $host;
#         proxy_set_header X-Real-IP $remote_addr;
#         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#         proxy_set_header X-Forwarded-Proto $scheme;
#     }
#
#     location /uploads {
#         proxy_pass http://localhost:8480;
#     }
# }
#
# # HTTP 自动跳转 HTTPS
# server {
#     listen 80;
#     server_name reading.ycapp.cn;
#     return 301 https://$server_name$request_uri;
# }