# Port 80: answers ACME HTTP-01 challenges and redirects everything else to HTTPS.
server {
    listen 80;
    server_name dms.sggai.site;

    # "^~" makes this prefix match final, so no regex location can take over
    # challenge requests. Files are read from /var/www/.well-known/acme-challenge/.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www;
        default_type text/plain;
        try_files $uri =404;
    }

    # Static website example
    # location / {
    #     root /var/www/dms.sggai.site;
    #     index index.html;
    #     try_files $uri $uri/ /index.html;
    # }

    # Reverse proxy example
    # location / {
    #     proxy_pass http://10.1.0.1:3001;
    #
    #     proxy_set_header Host $host;
    #     proxy_set_header X-Real-IP $remote_addr;
    #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #
    #     proxy_read_timeout 3600s;
    #     proxy_send_timeout 3600s;
    # }

    # Permanent redirect to HTTPS.
    # NOTE(review): $host is taken from the request, so if this block also serves
    # as the default server for port 80, the redirect target reflects whatever
    # Host the client sent; a fixed host name in the URL would avoid that.
    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: static site served over TLS with the Let's Encrypt certificate.
server {
    listen 443 ssl;
    server_name dms.sggai.site;

    ssl_certificate /etc/letsencrypt/live/dms.sggai.site/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/dms.sggai.site/privkey.pem;

    # Unknown paths fall back to /index.html (single-page-app style routing).
    location / {
        root /var/www/dms.sggai.site;
        index index.html;
        try_files $uri $uri/ /index.html;
    }
}

server {
    # Externally exposed HTTPS port.
    # Users access: https://dms.sggai.site:18083/
    listen 18083 ssl;

    # Intended to match only this domain.
    # NOTE(review): server_name only selects among server blocks that share a
    # listen port. If this is the only block on 18083 (none other is visible
    # here), nginx uses it as the default server and it answers requests with
    # any Host header. Confirm whether a catch-all default server for this port
    # is defined elsewhere.
    server_name dms.sggai.site;

    ssl_certificate /etc/letsencrypt/live/dms.sggai.site/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/dms.sggai.site/privkey.pem;

    location / {
        # Forward to the backend device on the LAN.
        # The scheme is http: traffic from nginx to 10.1.0.1 is plaintext HTTP,
        # so TLS ends at this proxy.
        proxy_pass http://10.1.0.1:18083;

        # Pass the originally requested host name.
        # $http_host is recommended when the backend needs the port as well.
        # $http_host is the raw client Host header; the backend should not
        # treat it as validated (see the server_name note above).
        proxy_set_header Host $http_host;

        # Pass the client's real IP (the address of the TCP peer seen by nginx).
        proxy_set_header X-Real-IP $remote_addr;

        # Pass the full proxy-chain IP list.
        # $proxy_add_x_forwarded_for appends $remote_addr to any X-Forwarded-For
        # the client already sent, so only the last entry is set by this proxy;
        # earlier entries are client-supplied.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Tell the backend that the external client protocol is HTTPS.
        proxy_set_header X-Forwarded-Proto https;

        # Timeouts for long-lived connections / slow requests.
        # At 3600s an idle proxied connection can be held open for up to an hour
        # between reads or writes; keep this only if the backend needs it.
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
    }
}