# 放在 http { } 里一次定义
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl;
    server_name staging.open-isle.com www.staging.open-isle.com;

    ssl_certificate     /etc/letsencrypt/live/staging.open-isle.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/staging.open-isle.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # ---------- SSR ----------
    location / {
        proxy_pass http://127.0.0.1:3001;
        proxy_http_version 1.1;

        # 正确的升级头（仅在有 Upgrade 时）
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # 透传真实主机/协议/源 IP
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host  $host;

        # 合理超时，避免 SSR 首屏慢查询导致 502/504
        proxy_read_timeout 120s;
        proxy_send_timeout 120s;

        add_header Cache-Control "no-store" always;
        add_header X-Upstream $upstream_addr always;
    }

    # ---------- API ----------
    location /api/ {
        proxy_pass http://127.0.0.1:8081/api/;
        proxy_http_version 1.1;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;


        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host  $host;

        proxy_read_timeout 120s;
        proxy_send_timeout 120s;

        add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0" always;
        proxy_no_cache 1;
        proxy_cache_bypass 1;
    }

    location ^~ /websocket/ {
        proxy_pass         http://127.0.0.1:8083/;
        proxy_http_version 1.1;

        proxy_set_header   Upgrade              $http_upgrade;
        proxy_set_header   Connection           $connection_upgrade;

        proxy_set_header   Host                 $host;
        proxy_set_header   X-Real-IP            $remote_addr;
        proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto    $scheme;
        proxy_set_header   X-Forwarded-Host     $host;

        proxy_read_timeout 300s;
        proxy_send_timeout 300s;
        proxy_buffering    off;
        proxy_cache        off;
        add_header         Cache-Control "no-store" always;
    }

    location /mcp {
        proxy_pass         http://127.0.0.1:8086;
        proxy_http_version 1.1;

        proxy_set_header   Upgrade              $http_upgrade;
        proxy_set_header   Connection           $connection_upgrade;

        proxy_set_header   Host                 $host;
        proxy_set_header   X-Real-IP            $remote_addr;
        proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto    $scheme;
        proxy_set_header   X-Forwarded-Host     $host;

        proxy_read_timeout 300s;
        proxy_send_timeout 300s;
        proxy_buffering    off;
        proxy_cache        off;
        add_header         Cache-Control "no-store" always;
    }

}