server {
    listen 80;
    # http2 on;
    server_name ai.sggai.site;

    location ^~ /.well-known/acme-challenge/ {
        root /var/www;
        default_type text/plain;
        try_files $uri =404;
    }

    # 关键：允许 Session_id 这种带下划线的请求头
    # underscores_in_headers on;
    # ignore_invalid_headers off;

    client_max_body_size 200m;

    gzip off;
    gunzip off;
    location / {
        proxy_pass http://10.1.0.1:3001;
        proxy_http_version 1.1;

        # 保持你原来“模拟 IP 直连”的行为
        proxy_set_header Host $host;

        # 基础请求头
        proxy_set_header Authorization $http_authorization;
        proxy_set_header Content-Type $http_content_type;
        proxy_set_header Accept $http_accept;
        proxy_set_header User-Agent $http_user_agent;

        # 关键：Codex / 上游 prompt cache 相关头
        proxy_set_header Originator $http_originator;
        proxy_set_header Session_id $http_session_id;
        proxy_set_header X-Codex-Beta-Features $http_x_codex_beta_features;
        proxy_set_header X-Codex-Turn-Metadata $http_x_codex_turn_metadata;

        # Claude CLI 相关头，保留无害
        proxy_set_header X-Stainless-Arch $http_x_stainless_arch;
        proxy_set_header X-Stainless-Lang $http_x_stainless_lang;
        proxy_set_header X-Stainless-Os $http_x_stainless_os;
        proxy_set_header X-Stainless-Package-Version $http_x_stainless_package_version;
        proxy_set_header X-Stainless-Retry-Count $http_x_stainless_retry_count;
        proxy_set_header X-Stainless-Runtime $http_x_stainless_runtime;
        proxy_set_header X-Stainless-Runtime-Version $http_x_stainless_runtime_version;
        proxy_set_header X-Stainless-Timeout $http_x_stainless_timeout;
        proxy_set_header X-App $http_x_app;
        proxy_set_header Anthropic-Beta $http_anthropic_beta;
        proxy_set_header Anthropic-Dangerous-Direct-Browser-Access $http_anthropic_dangerous_direct_browser_access;
        proxy_set_header Anthropic-Version $http_anthropic_version;

        # 禁用压缩干扰
        proxy_set_header Accept-Encoding "";

        # 继续模拟直连，不暴露外层代理链
        proxy_set_header X-Real-IP "";
        proxy_set_header X-Forwarded-For "";
        proxy_set_header X-Forwarded-Proto "";
        proxy_set_header X-Forwarded-Host "";
        proxy_set_header X-Forwarded-Port "";

        proxy_set_header Connection "";

        # SSE / 流式响应
        proxy_buffering off;
        proxy_request_buffering off;
        proxy_cache off;
        proxy_cache_bypass 1;

        proxy_connect_timeout 600s;
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
    }
}
server {
    listen 443 ssl;
    # http2 on;

    server_name ai.sggai.site;

    ssl_certificate /etc/letsencrypt/live/ai.sggai.site/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ai.sggai.site/privkey.pem;

    # 关键：允许 Session_id 这种带下划线的请求头  http2 on 和下面这2个加上就容易出 status_code=400, Invalid 'prompt_cache_key': string too long. Expected a string with maximum length 64, but got a string with length 74 instead.
    # underscores_in_headers on;
    # ignore_invalid_headers off;

    client_max_body_size 200m;

    gzip off;
    gunzip off;

    location / {
        proxy_pass http://10.1.0.1:3001;
        proxy_http_version 1.1;

        # 保持你原来“模拟 IP 直连”的行为
        proxy_set_header Host $host;

        # 基础请求头
        proxy_set_header Authorization $http_authorization;
        proxy_set_header Content-Type $http_content_type;
        proxy_set_header Accept $http_accept;
        proxy_set_header User-Agent $http_user_agent;

        # 关键：Codex / 上游 prompt cache 相关头
        proxy_set_header Originator $http_originator;
        proxy_set_header Session_id $http_session_id;
        proxy_set_header X-Codex-Beta-Features $http_x_codex_beta_features;
        proxy_set_header X-Codex-Turn-Metadata $http_x_codex_turn_metadata;

        # Claude CLI 相关头，保留无害
        proxy_set_header X-Stainless-Arch $http_x_stainless_arch;
        proxy_set_header X-Stainless-Lang $http_x_stainless_lang;
        proxy_set_header X-Stainless-Os $http_x_stainless_os;
        proxy_set_header X-Stainless-Package-Version $http_x_stainless_package_version;
        proxy_set_header X-Stainless-Retry-Count $http_x_stainless_retry_count;
        proxy_set_header X-Stainless-Runtime $http_x_stainless_runtime;
        proxy_set_header X-Stainless-Runtime-Version $http_x_stainless_runtime_version;
        proxy_set_header X-Stainless-Timeout $http_x_stainless_timeout;
        proxy_set_header X-App $http_x_app;
        proxy_set_header Anthropic-Beta $http_anthropic_beta;
        proxy_set_header Anthropic-Dangerous-Direct-Browser-Access $http_anthropic_dangerous_direct_browser_access;
        proxy_set_header Anthropic-Version $http_anthropic_version;

        # 禁用压缩干扰
        proxy_set_header Accept-Encoding "";

        # 继续模拟直连，不暴露外层代理链
        proxy_set_header X-Real-IP "";
        proxy_set_header X-Forwarded-For "";
        proxy_set_header X-Forwarded-Proto "";
        proxy_set_header X-Forwarded-Host "";
        proxy_set_header X-Forwarded-Port "";

        proxy_set_header Connection "";

        # SSE / 流式响应
        proxy_buffering off;
        proxy_request_buffering off;
        proxy_cache off;
        proxy_cache_bypass 1;

        proxy_connect_timeout 600s;
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
    }
}