map $http_upgrade $connection_upgrade {
  default upgrade;
  '' close;
}

    # 匹配以 www. 开头的请求并重定向到 HTTPS 的不带 www.
    server {
        listen 80;
        listen 443 ssl;
        server_name ~^www\.(?<domain>.+)$;

        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_certificate "/root/cert.pem";
        ssl_certificate_key "/root/cert.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers PROFILE=SYSTEM;
        ssl_prefer_server_ciphers on;
        add_header Strict-Transport-Security "max-age=31536000";

        return 301 https://$domain$request_uri;
    }

    # 匹配任意 HTTP 重定向到 HTTPS
    server {
        listen 80 default_server;
        server_name _;

        # 将 HTTP 请求重定向到 HTTPS
        return 301 https://$host$request_uri;
    }



server {
    listen 443 ssl http2 default_server;
    server_name _;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_certificate "/root/cert.pem";
    ssl_certificate_key "/root/cert.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    ssl_ciphers PROFILE=SYSTEM;
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=31536000";

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

#PROXY-START/

    # 代理到海外，匹配 /api 下名称不是 基础认证 的回调
    location ~ ^/api/auth/callback/(?!credentials).*$ {
        proxy_pass http://127.0.0.1:23000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # 代理到海外，匹配 /api 下名称不是 基础认证 的登录
    location ~ ^/api/auth/signin/(?!credentials).*$ {
        proxy_pass http://127.0.0.1:23000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

location ~ /
{
    proxy_pass http://127.0.0.1:23000;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_http_version 1.1;

    # 禁止缓存的相关设置
    proxy_buffering off;
    proxy_no_cache 1;
    proxy_cache_bypass 1;
    add_header X-Accel-Buffering "no";
    # 设置代理超时
    proxy_read_timeout 24h;
    proxy_connect_timeout 3m;
    proxy_send_timeout 24h;
    proxy_max_temp_file_size 0;
}

#PROXY-END/


}