ruoyi-vue/nginx-https.conf

# WebSocket连接升级映射（必须在server块之前定义）
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

# 80端口：仅处理HTTP请求，自动重定向到HTTPS

server {
    listen 80;
    server_name jarvis.van333.cn;  # 匹配域名

    # 核心：HTTP请求永久重定向到HTTPS（301表示永久重定向）
    return 301 https://$host$request_uri;

    # 可选：记录重定向日志（便于排查）
    access_log /www/sites/jarvis.van333.cn/log/redirect.log main;
}

# 443端口：处理HTTPS请求，包含SSL配置和业务逻辑

server {
    listen 443 ssl;
    server_name jarvis.van333.cn;  # 与80端口保持一致的域名

    # 网站根目录和默认首页（保留你的业务配置）
    root /www/sites/jarvis.van333.cn/index;
    index index.html index.htm;

    # SSL证书配置（仅在443端口生效）
    ssl_certificate /www/common/ssl/jarvis.van333.cn/fullchain.cer;
    ssl_certificate_key /www/common/ssl/jarvis.van333.cn.key;

    # SSL安全配置（复用你的原有配置）
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;

    # 日志配置
    access_log /www/sites/jarvis.van333.cn/log/access.log main;
    error_log /www/sites/jarvis.van333.cn/log/error.log;

    # 静态资源缓存配置
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        try_files $uri =404;
    }

    # ========== 重要：后端API代理配置 ==========
    # 将所有API请求代理到后端服务器（解决混合内容问题）
    # 注意：这里的路径需要与前端 VUE_APP_BASE_API 配置一致
    location /dev-api/ {
        proxy_pass http://127.0.0.1:30313/;  # 后端服务地址
        
        # 请求头设置
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $server_name;
        
        # 请求体相关配置（重要：支持POST请求）
        proxy_set_header Content-Type $content_type;
        proxy_set_header Content-Length $content_length;
        proxy_pass_request_headers on;
        proxy_pass_request_body on;
        
        # HTTP版本和WebSocket支持
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        
        # 超时设置
        proxy_connect_timeout 600s;
        proxy_send_timeout 600s;
        proxy_read_timeout 600s;
        
        # 请求缓冲设置（对大文件上传有用）
        proxy_request_buffering on;
        client_max_body_size 100M;
    }

    # 腾讯文档OAuth回调接口（必须放在 /dev-api/ 之后，location / 之前）
    location /tendoc-callback {
        proxy_pass http://127.0.0.1:30313/tendoc-callback;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $server_name;
    }

    # jarvis相关API代理（包括腾讯文档的其他接口）
    location /jarvis/ {
        proxy_pass http://127.0.0.1:30313/jarvis/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $server_name;
        
        # HTTP版本和WebSocket支持
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        
        # 超时设置
        proxy_connect_timeout 600s;
        proxy_send_timeout 600s;
        proxy_read_timeout 600s;
    }

    
    # Druid监控代理（如果需要）
    location /druid/ {
        proxy_pass http://127.0.0.1:30313/druid/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Vue Router History模式支持（必须放在最后）
    location / {
        try_files $uri $uri/ /index.html;
    }

    # 404错误页面
    error_page 404 /404.html;
}