vf_react/scripts/nginx-api.conf.example

# ============================================================================
# Nginx 配置 - API 服务器
# 部署 CDN 后，Nginx 只需处理 API 请求
#
# 使用方法：
# 1. 复制此文件到服务器: /etc/nginx/sites-available/api.valuefrontier.cn
# 2. 修改 SSL 证书路径
# 3. sudo ln -s /etc/nginx/sites-available/api.valuefrontier.cn /etc/nginx/sites-enabled/
# 4. sudo nginx -t && sudo systemctl reload nginx
# ============================================================================

# API 服务器配置
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name api.valuefrontier.cn;

    # SSL 证书（需要为 api.valuefrontier.cn 申请证书）
    ssl_certificate /etc/nginx/ssl/api.valuefrontier.cn.pem;
    ssl_certificate_key /etc/nginx/ssl/api.valuefrontier.cn.key;

    # SSL 配置
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;

    # CORS 配置（允许 CDN 域名访问）
    add_header 'Access-Control-Allow-Origin' 'https://www.valuefrontier.cn' always;
    add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
    add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization, X-Requested-With' always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;

    # 处理 OPTIONS 预检请求
    if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Allow-Origin' 'https://www.valuefrontier.cn' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
        add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization, X-Requested-With' always;
        add_header 'Access-Control-Max-Age' 86400;
        add_header 'Content-Type' 'text/plain charset=UTF-8';
        add_header 'Content-Length' 0;
        return 204;
    }

    # API 代理到 Flask
    location / {
        proxy_pass http://127.0.0.1:5001;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket 支持
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # 超时配置
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }

    # 健康检查端点
    location /health {
        return 200 'ok';
        add_header Content-Type text/plain;
    }
}

# HTTP 重定向到 HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name api.valuefrontier.cn;
    return 301 https://$server_name$request_uri;
}

# ============================================================================
# 可选：如果你想保留原来的 www 域名也指向服务器（作为备用）
# 取消下面的注释
# ============================================================================
# server {
#     listen 443 ssl http2;
#     server_name www.valuefrontier.cn valuefrontier.cn;
#
#     # SSL 证书
#     ssl_certificate /etc/nginx/ssl/valuefrontier.cn.pem;
#     ssl_certificate_key /etc/nginx/ssl/valuefrontier.cn.key;
#
#     root /var/www/valuefrontier.cn;
#     index index.html;
#
#     # SPA 路由
#     location / {
#         try_files $uri $uri/ /index.html;
#     }
#
#     # API 代理
#     location /api {
#         proxy_pass http://127.0.0.1:5001;
#         # ... 其他配置
#     }
# }