worker_processes  1;

events {
    worker_connections  1024;
}

http {
    charset utf-8;
    include       mime.types;
    default_type  application/octet-stream;

    # 启用 SSL 协议，建议加上 TLSv1.3
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    sendfile        on;
    keepalive_timeout  65;

    # HTTP 80 端口，重定向到 HTTPS
    server {
        listen 80;
        server_name mail.shenjianl.cn;  # 改为你自己的域名

        # 统一重定向到 HTTPS
        return 301 https://$host$request_uri;
    }

    # HTTPS 443 端口主服务
    server {
        listen 443 ssl;
        server_name mail.shenjianl.cn;  # 改为你自己的域名

        ssl_certificate /etc/nginx/certs/mail.shenjianl.cn_bundle.pem; # 改为你自己的证书文件
        ssl_certificate_key /etc/nginx/certs/mail.shenjianl.cn.key;    # 改为你自己的密钥文件

        root /usr/share/nginx/html;
        index index.html;

        location / {
            try_files $uri $uri/ /index.html;
        }

        # 反向代理 /api 到后端服务
        location /api {
            proxy_pass http://email-backend:5182;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # WebSocket 支持
        location /ws {
            proxy_pass http://email-backend:5182;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";

            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # 设置更长的超时时间以保持 WebSocket 连接
            proxy_read_timeout 600s;
            proxy_send_timeout 600s;
        }
    }
}