server {
    listen 22000 ssl;
   # server_name aqai.shudaodsj.com;
    # return 301 https://$host:22000$request_uri;
    # SSL 证书配置
    ssl_certificate /etc/nginx/conf.d/ssl/shudaodsj.com.pem; 
    ssl_certificate_key /etc/nginx/conf.d/ssl/shudaodsj.com.key;    # 私钥
    client_max_body_size 50M;
    # 推荐的 SSL 安全配置
    #ssl_protocols TLSv1.2 TLSv1.3;
    #ssl_ciphers ECDHE+AESGCM:DHE+AESGCM:AES256+EECDH:AES256+EDH;
    #ssl_prefer_server_ciphers off;
    #ssl_session_cache shared:SSL:10m;
    #ssl_session_timeout 10m;
    location ~ \.(zip|rar|tar|gz|bak|sql|env|git|log|ini|conf|md|txt)$ {
        deny all;
        return 404;
    } 
    
    location /admin {
        alias /tmp/www/dist;  # 替换为你的静态文件实际路径
        try_files $uri $uri/ /admin/index.html; # 支持前端路由（如 Vue Router history 模式）
    }

    location /admin/api/v1 {
        proxy_pass http://127.0.0.1:28000;  # 替换为你后端服务的实际地址和端口
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /api/auth/login {
        proxy_pass http://127.0.0.1:28001;  # 替换为你后端服务的实际地址和端口
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /api/auth/check-status {
        proxy_pass http://127.0.0.1:28001;  # 替换为你后端服务的实际地址和端口
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /api/captcha/generate {
        proxy_pass http://127.0.0.1:28001;  # 替换为你后端服务的实际地址和端口
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # chroma 搜索接口
    location /api/chroma/search {
        proxy_pass http://127.0.0.1:24000/api/search;  # 替换为你后端服务的实际地址和端口
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
 
    # chroma 心跳检测接口
    location /api/chroma/health {
        proxy_pass http://127.0.0.1:24000/api/health;  # 替换为你后端服务的实际地址和端口
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # TTS 接口
    location /tts/voice {
        proxy_pass http://172.16.35.50:8000/tts/voice;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location / {
        proxy_pass http://127.0.0.1:22001;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # 关键：禁用代理缓冲，支持流式响应
        proxy_buffering off;
        proxy_cache off;
        proxy_http_version 1.1;

        # proxy_set_header Connection '';
        # chunked_transfer_encoding on;

        # 超时设置
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
    }
}