update pay ui

nginx-110.42.32.207.conf

@@ -59,6 +59,9 @@ server {
     ssl_session_cache shared:SSL:10m;
     ssl_session_timeout 1d;
 
+    # 文件上传大小限制（客服图片上传需要）
+    client_max_body_size 20M;
+
     # ============================================
     # CORS 配置（允<EFBC88>?CDN 域名访问<E8AEBF>?
     # ============================================
@@ -488,6 +491,17 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
 
+        # 隐藏后端返回的 CORS 头（避免重复）
+        proxy_hide_header Access-Control-Allow-Origin;
+        proxy_hide_header Access-Control-Allow-Credentials;
+        proxy_hide_header Access-Control-Allow-Methods;
+        proxy_hide_header Access-Control-Allow-Headers;
+
+        # 统一添加 CORS 头
+        add_header 'Access-Control-Allow-Origin' '*' always;
+        add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
+        add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept' always;
+
         proxy_cache_valid 200 1d;
         expires 1d;
         add_header Cache-Control "public, max-age=86400";
@@ -501,10 +515,20 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
 
+        # 隐藏后端返回的 CORS 头（避免重复）
+        proxy_hide_header Access-Control-Allow-Origin;
+        proxy_hide_header Access-Control-Allow-Credentials;
+        proxy_hide_header Access-Control-Allow-Methods;
+        proxy_hide_header Access-Control-Allow-Headers;
+
+        # CORS 头（解决 ERR_BLOCKED_BY_ORB）
+        add_header 'Access-Control-Allow-Origin' '*' always;
+        add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
+        add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept' always;
+
         proxy_cache_valid 200 1d;
         expires 1d;
         add_header Cache-Control "public, max-age=86400";
-        add_header Access-Control-Allow-Origin $cors_origin;
     }
 
     location /visitor/ {
@@ -535,7 +559,8 @@ server {
     }
 
     location = /stomp {
-        proxy_pass http://43.143.189.195/api/websocket;
+        # 代理到 bytedesk 的 /websocket 端点
+        proxy_pass http://43.143.189.195/websocket;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection $connection_upgrade;
@@ -560,7 +585,8 @@ server {
     }
 
     location /stomp/ {
-        proxy_pass http://43.143.189.195/api/websocket/;
+        # 代理到 bytedesk 的 /websocket 端点
+        proxy_pass http://43.143.189.195/websocket;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection $connection_upgrade;
@@ -586,8 +612,22 @@ server {
 
     location ^~ /avatars/ {
         proxy_pass http://43.143.189.195/uploads/;
+        proxy_http_version 1.1;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # 隐藏后端返回的 CORS 头（避免重复）
+        proxy_hide_header Access-Control-Allow-Origin;
+        proxy_hide_header Access-Control-Allow-Credentials;
+        proxy_hide_header Access-Control-Allow-Methods;
+        proxy_hide_header Access-Control-Allow-Headers;
+
+        # CORS 头（解决 ERR_BLOCKED_BY_ORB）
+        add_header 'Access-Control-Allow-Origin' '*' always;
+        add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
+        add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept' always;
 
         proxy_cache_valid 200 1d;
         proxy_cache_bypass $http_cache_control;

src/routes/index.js

@@ -7,9 +7,6 @@ import { Routes, Route, Navigate } from 'react-router-dom';
 // 路由配置
 import { getMainLayoutRoutes, getStandaloneRoutes } from './routeConfig';
 
-// Landing 页面（重定向到静态 landing.html）
-import Landing from '@views/Landing';
-
 // 布局组件
 import MainLayout from '@layouts/MainLayout';
 
@@ -54,8 +51,8 @@ export function AppRoutes() {
             {/* 独立路由 - 无布局（如登录页）*/}
             {standaloneRoutes.map(renderRoute)}
 
-            {/* 默认路由 - 显示 Landing 页面（跳转到静态 landing.html） */}
+            {/* 默认路由 - 重定向到首页 */}
-            <Route path="/" element={<Landing />} />
+            <Route path="/" element={<Navigate to="/home" replace />} />
 
             {/* 404 页面 - 捕获所有未匹配的路由 */}
             <Route path="*" element={<Navigate to="/home" replace />} />

valuefrontier.conf

@@ -1,132 +1,118 @@
-# /etc/nginx/sites-available/valuefrontier
+# ============================================================================
-# 完整配置 - Next.js只处理特定页面，其他全部导向React应用
+# 110.42.32.207 Nginx 配置
+# API 服务<E69C8D>?- 处理所有后<E69C89>?API 和代理请<E79086>?
+#
+# 部署步骤<E6ADA5>?
+# 1. 上传到服务器: scp nginx-110.42.32.207.conf ubuntu@110.42.32.207:/tmp/
+# 2. 复制配置: sudo cp /tmp/nginx-110.42.32.207.conf /etc/nginx/sites-available/api.conf
+# 3. 启用配置: sudo ln -s /etc/nginx/sites-available/api.conf /etc/nginx/sites-enabled/
+# 4. 申请证书: sudo certbot --nginx -d api.valuefrontier.cn (或使用其他方<E4BB96>?
+# 5. 测试重载: sudo nginx -t && sudo systemctl reload nginx
+# ============================================================================
+
 # WebSocket 连接升级映射
 map $http_upgrade $connection_upgrade {
     default upgrade;
     '' close;
 }
 
-# ============================================
+# ============================================================================
-# Flask 后端负载均衡（支持多进程）
+# HTTP (端口 80) - 重定向到 HTTPS
-# ============================================
+# ============================================================================
-upstream flask_backend {
-    # 后端服务器（110.42.32.207 运行 gunicorn）
-    server 110.42.32.207:5001;
-
-    # 如果需要本地也运行一个实例做负载均衡，取消下面注释
-    # server 127.0.0.1:5001;
-
-    # 保持连接（提升性能）
-    keepalive 32;
-}
-
-# HTTP (端口 80) 服务器块: 负责将所有HTTP请求重定向到HTTPS
 server {
     listen 80;
-    server_name valuefrontier.cn www.valuefrontier.cn;
+    server_name api.valuefrontier.cn 110.42.32.207;
 
-    # 这一段是为了让Certbot自动续期时能正常工作
+    # Let's Encrypt 验证
     location /.well-known/acme-challenge/ {
         root /var/www/html;
     }
 
-    location ~ \.txt$ {
-      root /var/www/valuefrontier.cn;
-      add_header Content-Type "text/plain";
-    }
     location / {
-        # 301永久重定向到安全的HTTPS版本
         return 301 https://$host$request_uri;
     }
 }
 
-# HTTPS (端口 443) 服务器块: 处理所有加密流量和实际的应用逻辑
+# ============================================================================
+# HTTPS (端口 443) - API 服务
+# ============================================================================
 server {
     listen 443 ssl http2;
-    server_name valuefrontier.cn www.valuefrontier.cn;
+    server_name api.valuefrontier.cn 110.42.32.207;
 
-    # --- SSL 证书配置 ---
+    # SSL 证书配置
-    ssl_certificate /etc/letsencrypt/live/valuefrontier.cn/fullchain.pem;
+    # 方式1: 使用 IP 证书（需要购买）
-    ssl_certificate_key /etc/letsencrypt/live/valuefrontier.cn/privkey.pem;
+    # 方式2: 使用自签名证书（CDN 回源可以配置<E9858D>?HTTP<54>?
+    # 方式3: 如果有域名指向这台服务器，用 Let's Encrypt
+    #
+    # 临时使用自签名证书（生产环境建议使用正式证书<E8AF81>?
+    # sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+    #   -keyout /etc/nginx/ssl/server.key \
+    #   -out /etc/nginx/ssl/server.crt \
+    #   -subj "/CN=110.42.32.207"
+    ssl_certificate /etc/nginx/ssl/api.valuefrontier.cn/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/api.valuefrontier.cn/privkey.pem;
 
+    # SSL 优化
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers off;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 1d;
 
     # ============================================
-      # SEO 文件配置（robots.txt + sitemap.xml）
+    # CORS 配置（允<EFBC88>?CDN 域名访问<E8AEBF>?
-      # 优先级最高，放在最前面
     # ============================================
+    set $cors_origin 'https://valuefrontier.cn';
 
-      # robots.txt - 精确匹配（优先级最高）
+    # 如果需要限制来源，取消下面注释
-      location = /robots.txt {
+    # set $cors_origin '';
-          root /var/www/valuefrontier;
+    # if ($http_origin ~* "^https://(www\.)?valuefrontier\.cn$") {
-          add_header Content-Type "text/plain; charset=utf-8";
+    #     set $cors_origin $http_origin;
-          add_header Cache-Control "public, max-age=3600";  # 缓存 1 小时
-          access_log off;  # 减少日志记录
-      }
-
-      # sitemap.xml - 精确匹配
-      location = /sitemap.xml {
-          root /var/www/valuefrontier;
-          add_header Content-Type "application/xml; charset=utf-8";
-          add_header Cache-Control "public, max-age=3600";  # 缓存 1 小时
-          access_log off;
-      }
-
-        # --- 为React应用提供静态资源 ---
-    location /static/ {
-        alias /var/www/valuefrontier.cn/static/;
-        expires 1y;
-        add_header Cache-Control "public, immutable";
-        add_header Access-Control-Allow-Origin *;
-    }
-    location ~ \.txt$ {
-      root /var/www/valuefrontier.cn;
-      add_header Content-Type "text/plain";
-    }
-
-    location /manifest.json {
-        alias /var/www/valuefrontier.cn/manifest.json;
-        add_header Content-Type "application/json";
-    }
-
-    location /favicon.ico {
-        alias /var/www/valuefrontier.cn/favicon.ico;
-    }
-
-    # --- Next.js 专用静态资源 (已废弃，保留以防需要回滚) ---
-    # location /_next/ {
-    #     proxy_pass http://127.0.0.1:3000;
-    #     proxy_http_version 1.1;
-    #     proxy_set_header Host $host;
-    #     proxy_set_header X-Real-IP $remote_addr;
-    #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    #     proxy_set_header X-Forwarded-Proto $scheme;
-    #     expires 1y;
-    #     add_header Cache-Control "public, immutable";
     # }
 
-  # --- 后端API反向代理（使用 upstream 支持负载均衡）---
+    # ============================================
+    # Flask API 代理（本<EFBC88>?gunicorn<72>?
+    # ============================================
     location /api/ {
-      proxy_pass http://flask_backend;
+        # 处理 OPTIONS 预检请求
+        if ($request_method = 'OPTIONS') {
+            add_header 'Access-Control-Allow-Origin' $cors_origin always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization, X-Requested-With, Cookie' always;
+            add_header 'Access-Control-Allow-Credentials' 'true' always;
+            add_header 'Access-Control-Max-Age' 86400;
+            add_header 'Content-Length' 0;
+            return 204;
+        }
+        proxy_hide_header Access-Control-Allow-Origin;
+        proxy_hide_header Access-Control-Allow-Credentials;
+        proxy_hide_header Access-Control-Allow-Methods;
+        proxy_hide_header Access-Control-Allow-Headers;
+        proxy_hide_header Access-Control-Expose-Headers;
+
+        proxy_pass http://127.0.0.1:5001;
         proxy_http_version 1.1;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_set_header Connection "";  # 启用 keepalive
+        proxy_set_header Connection "";
 
-      # 超时配置（微信回调等需要足够时间）
+        # 统一添加 CORS <20>?
+        add_header 'Access-Control-Allow-Origin' $cors_origin always;
+        add_header 'Access-Control-Allow-Credentials' 'true' always;
+
+        # 超时配置
         proxy_connect_timeout 60s;
         proxy_send_timeout 120s;
         proxy_read_timeout 120s;
-
-      # 错误处理
-      proxy_next_upstream error timeout http_502 http_503 http_504;
-      proxy_next_upstream_tries 3;
     }
 
-    # WebSocket (Socket.IO) 代理
+    # ============================================
+    # WebSocket - Socket.IO (Flask)
+    # ============================================
     location /socket.io/ {
-      proxy_pass http://flask_backend;
+        proxy_pass http://127.0.0.1:5001;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
@@ -134,6 +120,7 @@ server {
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
+
         proxy_connect_timeout 7d;
         proxy_send_timeout 7d;
         proxy_read_timeout 7d;
@@ -141,12 +128,12 @@ server {
     }
 
     # ============================================
-    # 实时行情 WebSocket 代理（灵活屏功能）
+    # 实时行情 WebSocket
     # ============================================
 
-    # 上交所实时行情 WebSocket
+    # 上交所行情（本地服务）
     location /ws/sse {
-        proxy_pass http://127.0.0.1:8765;  # 本机行情服务
+        proxy_pass http://127.0.0.1:8765;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection $connection_upgrade;
@@ -154,13 +141,14 @@ server {
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
+
         proxy_connect_timeout 7d;
         proxy_send_timeout 7d;
         proxy_read_timeout 7d;
         proxy_buffering off;
     }
 
-    # 深交所实时行情 WebSocket
+    # 深交所行情
     location /ws/szse {
         proxy_pass http://222.128.1.157:8765;
         proxy_http_version 1.1;
@@ -170,12 +158,16 @@ server {
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
+
         proxy_connect_timeout 7d;
         proxy_send_timeout 7d;
         proxy_read_timeout 7d;
         proxy_buffering off;
     }
 
+    # ============================================
+    # MCP 服务（本地）
+    # ============================================
     location /mcp/ {
         proxy_pass http://127.0.0.1:8900/;
         proxy_http_version 1.1;
@@ -195,8 +187,7 @@ server {
 
         gzip off;
         add_header X-Accel-Buffering no;
-
+        add_header 'Access-Control-Allow-Origin' $cors_origin always;
-          add_header 'Access-Control-Allow-Origin' '$http_origin' always;
         add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
         add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;
         add_header 'Access-Control-Allow-Credentials' 'true' always;
@@ -206,24 +197,66 @@ server {
         }
     }
 
-    # 概念板块API代理
+    # ============================================
+    # 数据服务 API 代理 (222.128.1.157)
+    # ============================================
+
+    # 概念板块 API
     location /concept-api/ {
+        # 处理 OPTIONS 预检请求
+        if ($request_method = 'OPTIONS') {
+            add_header 'Access-Control-Allow-Origin' $cors_origin always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
+            add_header 'Access-Control-Allow-Credentials' 'true' always;
+            add_header 'Access-Control-Max-Age' 86400;
+            add_header 'Content-Length' 0;
+            return 204;
+        }
+
+        # 隐藏后端返回<E8BF94>?CORS 头（避免重复<E9878D>?
+        proxy_hide_header Access-Control-Allow-Origin;
+        proxy_hide_header Access-Control-Allow-Credentials;
+        proxy_hide_header Access-Control-Allow-Methods;
+        proxy_hide_header Access-Control-Allow-Headers;
+        proxy_hide_header Access-Control-Expose-Headers;
+
         proxy_pass http://222.128.1.157:16801/;
         proxy_http_version 1.1;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header Access-Control-Allow-Origin *;
+
-        proxy_set_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
+        # 统一添加 CORS <20>?
-        proxy_set_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range";
+        add_header 'Access-Control-Allow-Origin' $cors_origin always;
+        add_header 'Access-Control-Allow-Credentials' 'true' always;
+
         proxy_connect_timeout 60s;
         proxy_send_timeout 60s;
         proxy_read_timeout 60s;
     }
 
-    # Elasticsearch API代理（价值论坛）
+    # Elasticsearch API
     location /es-api/ {
+        # 处理 OPTIONS 预检请求
+        if ($request_method = 'OPTIONS') {
+            add_header 'Access-Control-Allow-Origin' $cors_origin always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS, HEAD' always;
+            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
+            add_header 'Access-Control-Allow-Credentials' 'true' always;
+            add_header 'Access-Control-Max-Age' 86400;
+            add_header 'Content-Length' 0;
+            return 204;
+        }
+
+        # 隐藏后端返回<E8BF94>?CORS 头（避免重复<E9878D>?
+        proxy_hide_header Access-Control-Allow-Origin;
+        proxy_hide_header Access-Control-Allow-Credentials;
+        proxy_hide_header Access-Control-Allow-Methods;
+        proxy_hide_header Access-Control-Allow-Headers;
+        proxy_hide_header Access-Control-Expose-Headers;
+
         proxy_pass http://222.128.1.157:19200/;
         proxy_http_version 1.1;
         proxy_set_header Host $host;
@@ -231,27 +264,133 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
 
-        # CORS 配置
+        # 统一添加 CORS <EFBFBD>?
-        add_header 'Access-Control-Allow-Origin' '*' always;
+        add_header 'Access-Control-Allow-Origin' $cors_origin always;
-        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS, HEAD' always;
-        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
         add_header 'Access-Control-Allow-Credentials' 'true' always;
 
-        # 处理 OPTIONS 预检请求
-        if ($request_method = 'OPTIONS') {
-            return 204;
-        }
-
-        # 超时设置
         proxy_connect_timeout 60s;
         proxy_send_timeout 60s;
         proxy_read_timeout 60s;
-
-        # 禁用缓冲以支持流式响应
         proxy_buffering off;
     }
 
-	# 拜特桌面API代理 (bytedesk)
+    # 新闻搜索 API
+    location /news-api/ {
+        # 处理 OPTIONS 预检请求
+        if ($request_method = 'OPTIONS') {
+            add_header 'Access-Control-Allow-Origin' $cors_origin always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
+            add_header 'Access-Control-Allow-Credentials' 'true' always;
+            add_header 'Access-Control-Max-Age' 86400;
+            add_header 'Content-Length' 0;
+            return 204;
+        }
+
+        # 隐藏后端返回<E8BF94>?CORS 头（避免重复<E9878D>?
+        proxy_hide_header Access-Control-Allow-Origin;
+        proxy_hide_header Access-Control-Allow-Credentials;
+        proxy_hide_header Access-Control-Allow-Methods;
+        proxy_hide_header Access-Control-Allow-Headers;
+        proxy_hide_header Access-Control-Expose-Headers;
+
+        proxy_pass http://222.128.1.157:21891/;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # 统一添加 CORS <20>?
+        add_header 'Access-Control-Allow-Origin' $cors_origin always;
+        add_header 'Access-Control-Allow-Credentials' 'true' always;
+
+        proxy_connect_timeout 90s;
+        proxy_send_timeout 90s;
+        proxy_read_timeout 90s;
+    }
+
+    # 研报搜索 API
+    location /report-api/ {
+        # 处理 OPTIONS 预检请求
+        if ($request_method = 'OPTIONS') {
+            add_header 'Access-Control-Allow-Origin' $cors_origin always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
+            add_header 'Access-Control-Allow-Credentials' 'true' always;
+            add_header 'Access-Control-Max-Age' 86400;
+            add_header 'Content-Length' 0;
+            return 204;
+        }
+
+        # 隐藏后端返回<E8BF94>?CORS 头（避免重复<E9878D>?
+        proxy_hide_header Access-Control-Allow-Origin;
+        proxy_hide_header Access-Control-Allow-Credentials;
+        proxy_hide_header Access-Control-Allow-Methods;
+        proxy_hide_header Access-Control-Allow-Headers;
+        proxy_hide_header Access-Control-Expose-Headers;
+
+        proxy_pass http://222.128.1.157:8811/;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # 统一添加 CORS <20>?
+        add_header 'Access-Control-Allow-Origin' $cors_origin always;
+        add_header 'Access-Control-Allow-Credentials' 'true' always;
+
+        proxy_connect_timeout 120s;
+        proxy_send_timeout 120s;
+        proxy_read_timeout 120s;
+    }
+
+    # 商品分类 API
+    location /category-api/ {
+        # 处理 OPTIONS 预检请求
+        if ($request_method = 'OPTIONS') {
+            add_header 'Access-Control-Allow-Origin' $cors_origin always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
+            add_header 'Access-Control-Allow-Credentials' 'true' always;
+            add_header 'Access-Control-Max-Age' 86400;
+            add_header 'Content-Length' 0;
+            return 204;
+        }
+
+        # 隐藏后端返回<E8BF94>?CORS 头（避免重复<E9878D>?
+        proxy_hide_header Access-Control-Allow-Origin;
+        proxy_hide_header Access-Control-Allow-Credentials;
+        proxy_hide_header Access-Control-Allow-Methods;
+        proxy_hide_header Access-Control-Allow-Headers;
+        proxy_hide_header Access-Control-Expose-Headers;
+
+        proxy_pass http://222.128.1.157:18827/;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # 统一添加 CORS <20>?
+        add_header 'Access-Control-Allow-Origin' $cors_origin always;
+        add_header 'Access-Control-Allow-Credentials' 'true' always;
+
+        proxy_connect_timeout 120s;
+        proxy_send_timeout 120s;
+        proxy_read_timeout 120s;
+
+        proxy_buffering on;
+        proxy_buffer_size 128k;
+        proxy_buffers 8 256k;
+        proxy_busy_buffers_size 512k;
+    }
+
+    # ============================================
+    # Bytedesk 客服系统代理 (43.143.189.195)
+    # ============================================
+
     location /bytedesk/ {
         proxy_pass http://43.143.189.195/;
         proxy_http_version 1.1;
@@ -261,19 +400,21 @@ server {
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
-        add_header 'Access-Control-Allow-Origin' '*' always;
+
+        add_header 'Access-Control-Allow-Origin' $cors_origin always;
         add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
         add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
         add_header 'Access-Control-Allow-Credentials' 'true' always;
+
         if ($request_method = 'OPTIONS') {
             return 204;
         }
+
         proxy_connect_timeout 120s;
         proxy_send_timeout 120s;
         proxy_read_timeout 120s;
     }
 
-    # 2. WebSocket代理（必需！）
     location /websocket {
         proxy_pass http://43.143.189.195/websocket;
         proxy_http_version 1.1;
@@ -283,12 +424,12 @@ server {
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
+
         proxy_connect_timeout 86400s;
         proxy_send_timeout 86400s;
         proxy_read_timeout 86400s;
     }
 
-    # iframe 内部资源代理（Bytedesk 聊天窗口的 CSS/JS）
     location /chat/ {
         proxy_pass http://43.143.189.195/chat/;
         proxy_http_version 1.1;
@@ -299,29 +440,25 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
 
-            # ✨ 自动替换响应内容中的 IP 地址为域名（解决 Mixed Content）
+        # 替换响应内容中的 IP 地址
-            sub_filter 'http://43.143.189.195' 'https://valuefrontier.cn';
+        sub_filter 'http://43.143.189.195' 'https://www.valuefrontier.cn';
-            sub_filter_once off;  # 替换所有匹配项
+        sub_filter_once off;
         sub_filter_types text/css text/javascript application/javascript application/json;
 
-            # CORS 头部
+        add_header 'Access-Control-Allow-Origin' $cors_origin always;
-            add_header 'Access-Control-Allow-Origin' '*' always;
         add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
-            add_header 'Access-Control-Allow-Headers'
+        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
-  'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
         add_header 'Access-Control-Allow-Credentials' 'true' always;
 
         if ($request_method = 'OPTIONS') {
             return 204;
         }
 
-            # 超时设置
         proxy_connect_timeout 120s;
         proxy_send_timeout 120s;
         proxy_read_timeout 120s;
     }
 
-	  # Bytedesk 配置接口代理
     location /config/ {
         proxy_pass http://43.143.189.195/config/;
         proxy_http_version 1.1;
@@ -330,23 +467,19 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
 
-	      # CORS 头部
+        add_header 'Access-Control-Allow-Origin' $cors_origin always;
-	      add_header 'Access-Control-Allow-Origin' '*' always;
         add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
-	      add_header 'Access-Control-Allow-Headers'
+        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
-	  'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
 
         if ($request_method = 'OPTIONS') {
             return 204;
         }
 
-	      # 超时设置
         proxy_connect_timeout 120s;
         proxy_send_timeout 120s;
         proxy_read_timeout 120s;
     }
 
-	  # Bytedesk 上传文件代理
     location ^~ /uploads/ {
         proxy_pass http://43.143.189.195/uploads/;
         proxy_http_version 1.1;
@@ -355,30 +488,25 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
 
-          # 缓存配置
         proxy_cache_valid 200 1d;
         expires 1d;
         add_header Cache-Control "public, max-age=86400";
     }
 
-      # Bytedesk 文件访问代理（仅 2025 年文件）
+    location ^~ /file/ {
-      location ^~ /file/2025/ {
+        proxy_pass http://43.143.189.195/file/;
-          proxy_pass http://43.143.189.195/file/2025/;
         proxy_http_version 1.1;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
 
-          # 缓存配置
         proxy_cache_valid 200 1d;
         expires 1d;
         add_header Cache-Control "public, max-age=86400";
-          add_header Access-Control-Allow-Origin *;
+        add_header Access-Control-Allow-Origin $cors_origin;
     }
 
-
-	  # Visitor API 代理（Bytedesk 初始化接口）
     location /visitor/ {
         proxy_pass http://43.143.189.195/visitor/;
         proxy_http_version 1.1;
@@ -386,21 +514,21 @@ server {
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
-
-	      # ✨ 禁用压缩（让 sub_filter 能处理 JSON）
         proxy_set_header Accept-Encoding "";
 
-	      # ✨ 替换 JSON 响应中的 IP 地址为域名
+        # 替换 JSON 响应中的 IP 地址
-	      sub_filter 'http://43.143.189.195' 'https://valuefrontier.cn';
+        sub_filter 'http://43.143.189.195' 'https://www.valuefrontier.cn';
         sub_filter_once off;
         sub_filter_types application/json;
 
-	      add_header 'Access-Control-Allow-Origin' '*' always;
+        add_header 'Access-Control-Allow-Origin' $cors_origin always;
         add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
         add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;
+
         if ($request_method = 'OPTIONS') {
             return 204;
         }
+
         proxy_connect_timeout 120s;
         proxy_send_timeout 120s;
         proxy_read_timeout 120s;
@@ -415,13 +543,16 @@ server {
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
-	      add_header 'Access-Control-Allow-Origin' '*' always;
+
+        add_header 'Access-Control-Allow-Origin' $cors_origin always;
         add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
         add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
         add_header 'Access-Control-Allow-Credentials' 'true' always;
+
         if ($request_method = 'OPTIONS') {
             return 204;
         }
+
         proxy_connect_timeout 7d;
         proxy_send_timeout 7d;
         proxy_read_timeout 7d;
@@ -438,7 +569,7 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
 
-            add_header 'Access-Control-Allow-Origin' '*' always;
+        add_header 'Access-Control-Allow-Origin' $cors_origin always;
         add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
         add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
         add_header 'Access-Control-Allow-Credentials' 'true' always;
@@ -453,209 +584,36 @@ server {
         proxy_buffering off;
     }
 
-
-	 # 6. 头像和静态资源（解决404问题）
     location ^~ /avatars/ {
         proxy_pass http://43.143.189.195/uploads/;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
-          # 缓存静态资源
+
         proxy_cache_valid 200 1d;
         proxy_cache_bypass $http_cache_control;
     }
 
-      # 7. Bytedesk所有其他资源
     location /assets/ {
         proxy_pass http://43.143.189.195/assets/;
         proxy_set_header Host $host;
+
         expires 1d;
         add_header Cache-Control "public, immutable";
     }
 
-
+    # ============================================
-
+    # 健康检<E5BAB7>?
-    # 新闻搜索API代理
+    # ============================================
-    location /news-api/ {
+    location /health {
-        proxy_pass http://222.128.1.157:21891/;
+        return 200 'ok';
-        proxy_http_version 1.1;
+        add_header Content-Type text/plain;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header Access-Control-Allow-Origin *;
-        proxy_set_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
-        proxy_set_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range";
-        proxy_connect_timeout 90s;
-        proxy_send_timeout 90s;
-        proxy_read_timeout 90s;
     }
 
-    # 研报搜索API代理
+    # ============================================
-    location /report-api/ {
+    # 默认返回 404
-        proxy_pass http://222.128.1.157:8811/;
+    # ============================================
-        proxy_http_version 1.1;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header Access-Control-Allow-Origin *;
-        proxy_set_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
-        proxy_set_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range";
-        proxy_connect_timeout 120s;
-        proxy_send_timeout 120s;
-        proxy_read_timeout 120s;
-    }
-
-    # 商品分类树数据API代理（数据浏览器）
-    location /category-api/ {
-        proxy_pass http://222.128.1.157:18827/;
-        proxy_http_version 1.1;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-
-        # CORS 配置
-        add_header 'Access-Control-Allow-Origin' '*' always;
-        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
-        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
-
-        # 处理 OPTIONS 预检请求
-        if ($request_method = 'OPTIONS') {
-            return 204;
-        }
-
-        # 超时设置（数据量大，需要较长超时时间）
-        proxy_connect_timeout 120s;
-        proxy_send_timeout 120s;
-        proxy_read_timeout 120s;
-
-        # 缓冲配置（支持大响应体）
-        proxy_buffering on;
-        proxy_buffer_size 128k;
-        proxy_buffers 8 256k;
-        proxy_busy_buffers_size 512k;
-    }
-
-    # --- 新的静态官网静态资源（优先级最高） ---
-    # 使用 ^~ 前缀确保优先匹配，不被后面的规则覆盖
-    location ^~ /css/ {
-        root /var/www/valuefrontier;
-        expires 1y;
-        add_header Cache-Control "public, immutable";
-    }
-
-    location ^~ /js/ {
-        root /var/www/valuefrontier;
-        expires 1y;
-        add_header Cache-Control "public, immutable";
-    }
-
-    location ^~ /img/ {
-        root /var/www/valuefrontier;
-        expires 1y;
-        add_header Cache-Control "public, immutable";
-    }
-
-    location ^~ /videos/ {
-        root /var/www/valuefrontier;
-        expires 1y;
-        add_header Cache-Control "public, immutable";
-    }
-
-    location ^~ /fonts/ {
-        root /var/www/valuefrontier;
-        expires 1y;
-        add_header Cache-Control "public, immutable";
-    }
-
-    # 官网HTML页面
-    location ~ ^/(conversational-ai|customizable-workflows|integration|docs|sign-in|sign-up|reset-password)\.html$ {
-        root /var/www/valuefrontier;
-        try_files $uri =404;
-    }
-
-    # 官网首页 - 静态HTML
-    location = / {
-        root /var/www/valuefrontier;
-        try_files /index.html =404;
-    }
-
-    # --- React 应用 (默认 catch-all) ---
-    # 所有其他路径都导向React应用
-    # 包括: /home, /community, /concepts, /limit-analyse, /stocks 等
     location / {
-        root /var/www/valuefrontier.cn;
+        return 404 '{"error": "Not Found"}';
-        index index.html index.htm;
+        add_header Content-Type application/json;
-        # 所有SPA路由都返回index.html让React处理
-        try_files $uri $uri/ /index.html;
-
-        # 为静态资源添加缓存头
-        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
-            expires 1y;
-            add_header Cache-Control "public, immutable";
-            add_header Access-Control-Allow-Origin *;
-        }
     }
 }
-
-# ==========================================================
-# api.valuefrontier.cn - 服务器配置块 (START)
-# ==========================================================
-
-server {
-    if ($host = api.valuefrontier.cn) {
-        return 301 https://$host$request_uri;
-    } # managed by Certbot
-
-
-    listen 80;
-    server_name api.valuefrontier.cn; # <--- 明确指定域名
-
-    # 这一段是为了让Certbot自动续期时能正常工作
-    location /.well-known/acme-challenge/ {
-        root /var/www/html;
-    }
-
-    # 将所有到 api 域名的 HTTP 请求重定向到 HTTPS
-    location / {
-        return 301 https://$host$request_uri;
-    }
-
-
-}
-
-server {
-    listen 443 ssl http2;
-    server_name api.valuefrontier.cn; # <--- 明确指定域名
-
-    # --- SSL 证书配置 ---
-    # Certbot 会自动填充这里，但我们可以先写上占位符
-    ssl_certificate /etc/letsencrypt/live/api.valuefrontier.cn/fullchain.pem; # managed by Certbot
-    ssl_certificate_key /etc/letsencrypt/live/api.valuefrontier.cn/privkey.pem; # managed by Certbot
-
-    # (推荐) 包含通用的SSL安全配置
-    # include /etc/letsencrypt/options-ssl-nginx.conf;
-    # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
-
-    # --- API 反向代理 ---
-    location / {
-        # 假设你的API后端运行在本地的8080端口
-        # 请修改为你API服务的真实地址和端口
-        proxy_pass http://127.0.0.1:8080;
-
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection 'upgrade';
-        proxy_set_header Host $host;
-        proxy_cache_bypass $http_upgrade;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-    }
-
-}
-
-# ==========================================================
-# api.valuefrontier.cn - 服务器配置块 (END)
-# ==========================================================