server {
    listen       80;
    listen [::]:80;
    server_name  swfc.flameby.com;

    listen 443 ssl;
    server_name  swfc.flameby.com;

    ssl_certificate /etc/nginx/ssl/swfc.flameby.com/swfc.flameby.com.pem;
    ssl_certificate_key /etc/nginx/ssl/swfc.flameby.com/swfc.flameby.com.key;
    # 配置SSL参数
    ssl_protocols TLSv1.2 TLSv1.3;  # 指定支持的SSL/TLS协议版本
    ssl_prefer_server_ciphers on;  # 使用服务器端加密套件顺序
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';  # 指定加密套件

    # 配置其他SSL选项
    ssl_session_timeout 1d;  # SSL会话过期时间
    ssl_session_cache shared:SSL:10m;  # SSL会话缓存大小
    ssl_session_tickets off;  # 禁用SSL会话票据

    # 配置HTTP到HTTPS的重定向（可选）
    if ($scheme != "https") {
        return 301 https://swfc.flameby.com;
    }

    gzip on;
    # 定义要压缩的文件类型
    gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    # 定义压缩级别
    gzip_comp_level 6;
    # 定义压缩缓冲区大小
    gzip_buffers 16 8k;
    # 定义压缩最小文件大小
    gzip_min_length 256;
    # 定义压缩的 HTTP 版本
    gzip_http_version 1.1;
    # 定义压缩的条件
    gzip_vary on;
    # 定义压缩的处理方式
    gzip_proxied any;
    # 定义压缩的处理方法
    gzip_static on;

    root  /usr/share/nginx/html/h5/dist;
    location / {
        index  index.html index.htm;
        try_files $uri $uri/ @router;
    }

    location @router {
        rewrite ^.*$ /index.html break;
    }

    location /api{
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 20M;
        proxy_send_timeout 500;
        proxy_read_timeout 480;
        rewrite ^/api(.*)$ $1 break;
        proxy_pass http://localhost:8088;
    }
}