server {
    listen 80;
    server_name smartmate.lecspace.com _;
    return 301 https://$host$request_uri;
}

server {
    listen 80;
    server_name git.lecspace.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    http2 on;
    server_name smartmate.lecspace.com;
    resolver 127.0.0.11 ipv6=off valid=30s;

    ssl_certificate /etc/nginx/certs/tls.crt;
    ssl_certificate_key /etc/nginx/certs/tls.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    root /usr/share/nginx/html;
    index index.html;

    # 1. 生产环境统一由前端容器反代后端 API，前端继续使用相对路径 /api/v1。
    # 2. 关闭代理缓冲，避免 Agent SSE 响应被 Nginx 缓存后前端长时间收不到数据。
    location /api/ {
        set $api_upstream http://api:8080;
        proxy_pass $api_upstream;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Connection "";
        proxy_buffering off;
        proxy_cache off;
        proxy_read_timeout 3600s;
        add_header X-Accel-Buffering no;
    }

    # 1. Vue Router 走 history 模式时，静态资源未命中需要回落到 index.html。
    # 2. 这里只负责前端页面回落，接口流量统一由上面的 /api 路由处理。
    location / {
        try_files $uri $uri/ /index.html;
    }
}

server {
    listen 443 ssl;
    http2 on;
    server_name git.lecspace.com;
    resolver 127.0.0.11 ipv6=off valid=30s;

    ssl_certificate /etc/nginx/certs/git.lecspace.com_bundle.pem;
    ssl_certificate_key /etc/nginx/certs/git.lecspace.com.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    client_max_body_size 2g;
    proxy_read_timeout 600s;
    proxy_send_timeout 600s;
    proxy_request_buffering off;
    proxy_buffering off;

    # 1. Gitea Web、Container Registry 与 API 统一复用同一域名入口。
    # 2. 这里改成变量代理，避免 Nginx 启动时强制解析上游而影响离线语法校验。
    location / {
        set $gitea_upstream http://gitea-web:3000;
        proxy_pass $gitea_upstream;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header Connection "";
    }
}