# HTTP 配置（可选：重定向到 HTTPS）
server {
        listen 80;
        server_name attendant.huashengtec.com;

        # HTTP 重定向到 HTTPS
        return 301 https://$server_name$request_uri;
}

# HTTPS 配置
server {
        listen 443 ssl;
        server_name attendant.huashengtec.com;

        # SSL 证书配置
        ssl_certificate     /data/wwwroot/attendant/attendant.huashengtec.com_bundle.crt;
        ssl_certificate_key /data/wwwroot/attendant/attendant.huashengtec.com.key;

        # SSL 安全配置
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;

        # 设置 MIME 类型
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        # API 反向代理
        location /api/ {
                proxy_pass http://127.0.0.1:9004/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
        }

        # WebSocket 反向代理
        location /ws/ {
                proxy_pass http://127.0.0.1:9005/;
                proxy_http_version 1.1;

                # WebSocket 必需请求头
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";

                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;

                # 长连接超时设置（可选，根据业务调整）
                proxy_read_timeout 86400s;
                proxy_send_timeout 86400s;
        }

        # 前端静态文件
        location / {
                root /data/wwwroot/attendant;
                try_files $uri $uri/ /index.html;
        }
}
