# ====================================================
# 工作日志服务平台 - Nginx 配置
# ====================================================
# 说明：
# 1. 此配置用于生产环境部署
# 2. 需根据实际域名和路径修改配置
# 3. 建议启用 HTTPS（本配置为 HTTP 示例）
# ====================================================

server {
    listen 80;
    server_name worklog.example.com;  # 修改为实际域名
    
    # 字符集
    charset utf-8;
    
    # 访问日志
    access_log /var/log/nginx/worklog_access.log;
    error_log /var/log/nginx/worklog_error.log;
    
    # Gzip 压缩
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/xml+rss application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
    
    # 管理后台
    location /admin/ {
        alias /opt/worklog/worklog-admin/dist/;
        try_files $uri $uri/ /admin/index.html;
        index index.html;
        
        # 静态资源缓存
        location ~* \.(css|js|jpg|jpeg|png|gif|ico|svg|woff|woff2|ttf|eot)$ {
            expires 30d;
            add_header Cache-Control "public, immutable";
        }
    }
    
    # 移动端 H5
    location /mobile/ {
        alias /opt/worklog/worklog-mobile/dist/;
        try_files $uri $uri/ /mobile/index.html;
        index index.html;
        
        # 静态资源缓存
        location ~* \.(css|js|jpg|jpeg|png|gif|ico|svg|woff|woff2|ttf|eot)$ {
            expires 30d;
            add_header Cache-Control "public, immutable";
        }
    }
    
    # 后端 API 代理
    location /api/ {
        proxy_pass http://127.0.0.1:8080;
        
        # 代理头设置
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # 超时设置
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
        
        # 缓冲设置
        proxy_buffering on;
        proxy_buffer_size 4k;
        proxy_buffers 8 4k;
        proxy_busy_buffers_size 8k;
        
        # WebSocket 支持（如需要）
        # proxy_http_version 1.1;
        # proxy_set_header Upgrade $http_upgrade;
        # proxy_set_header Connection "upgrade";
    }
    
    # Swagger API 文档（生产环境建议关闭或限制访问）
    location /swagger-ui.html {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        
        # 限制访问（可选）
        # allow 192.168.1.0/24;  # 只允许内网访问
        # deny all;
    }
    
    # 健康检查接口
    location /api/v1/health {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        access_log off;  # 健康检查不记录日志
    }
    
    # 禁止访问隐藏文件
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
}

# HTTPS 配置示例（需要 SSL 证书）
# server {
#     listen 443 ssl http2;
#     server_name worklog.example.com;
#     
#     # SSL 证书配置
#     ssl_certificate /path/to/cert.pem;
#     ssl_certificate_key /path/to/cert.key;
#     ssl_protocols TLSv1.2 TLSv1.3;
#     ssl_ciphers HIGH:!aNULL:!MD5;
#     ssl_prefer_server_ciphers on;
#     ssl_session_cache shared:SSL:10m;
#     ssl_session_timeout 10m;
#     
#     # 其他配置同上...
# }
# 
# # HTTP 重定向到 HTTPS
# server {
#     listen 80;
#     server_name worklog.example.com;
#     return 301 https://$server_name$request_uri;
# }