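# Backend pools. Each upstream holds a single server entry, proxied over
# plain HTTP (see the proxy_pass lines below).
upstream api_service {
    server api:80;
}

upstream dlweb_service {
    server dlweb:80;
}

upstream wxserver_service {
    server wxserver:3000;
}

# =============================================
# Domain-based routing + SSL (Let's Encrypt automatic certificates)
#
# Domains are injected automatically from API_DOMAIN / DLWEB_DOMAIN / WX_DOMAIN
# in the .env file.
# To change a domain, edit .env and then run: docker compose restart nginx
#
# ================== WeChat domain configuration guide ==================
#
# The 3 domains configured in .env map to:
#   ${API_DOMAIN}   → site 1: game-docker/api
#   ${DLWEB_DOMAIN} → site 2: game-docker/dlweb/api
#   ${WX_DOMAIN}    → site 3: game-docker/wxserver_daoqi
#
# [WeChat Mini Program console] (mp.weixin.qq.com → Development Management → Development Settings)
#   - Allowed request domain: https://${WX_DOMAIN}
#   - Business domain:        ${WX_DOMAIN}
#     (place the verification file at wxserver_daoqi/public/MP_verify_xxx.txt)
#
# [WeChat Official Account console] (mp.weixin.qq.com → Settings & Development → Official Account Settings)
#   - Business domain:             ${API_DOMAIN}
#     (the verification file lives in the api/ root directory)
#   - JS API secure domain:        ${API_DOMAIN}
#   - Web page authorization domain: ${WX_DOMAIN}
#
# [WeChat Pay console] (pay.weixin.qq.com)
#   - Payment authorization directory: https://${DLWEB_DOMAIN}/
#   - Payment callback notification:   specified by notify_url in the code
#
# =============================================

# =============================================
# Shared SSL settings (included by every server block)
# =============================================
# Note: ssl-params.conf is generated by init-ssl.sh into
#       /etc/nginx/snippets/ssl-params.conf
# NOTE(review): its contents are not visible in this file; protocol, cipher
# and HSTS policy all depend on it, so review the generated snippet as well.

# ===== Unified HTTP → HTTPS redirect + ACME validation =====
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    # Let's Encrypt domain validation (must be kept)
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # Health check (for internal use / load balancers; not redirected).
    # default_type sets the Content-Type of the response generated by
    # `return`; using add_header here would append a second Content-Type
    # header next to the one nginx already emits.
    location /health {
        default_type text/plain;
        return 200 'OK';
    }

    # Everything else is 301-redirected to HTTPS.
    # NOTE(review): this is the catch-all server, so $host is whatever name
    # the client sent; the redirect target is therefore client-controlled.
    # If only the three configured domains should ever be redirected, list
    # them in a dedicated port-80 server block and refuse other names here.
    location / {
        return 301 https://$host$request_uri;
    }
}

# NOTE(review): none of the 443 listeners below is marked default_server, so
# (unless another included file defines one) nginx hands TLS connections whose
# name matches none of the three domains to the first 443 block, i.e. the API
# site and its certificate. A dedicated catch-all 443 server that refuses
# unknown names would avoid that.

# ===== Site 1: core game API (Official Account backend) =====
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ${API_DOMAIN};

    ssl_certificate     /etc/letsencrypt/live/${API_DOMAIN}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${API_DOMAIN}/privkey.pem;
    include /etc/nginx/snippets/ssl-params.conf;

    location / {
        proxy_pass http://api_service;
        proxy_set_header Host $host;
        # X-Real-IP is the address of the peer connected to nginx.
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to any
        # X-Forwarded-For value the client supplied, so only the last entry
        # is set by this proxy; the backend must not trust earlier entries.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# ===== Site 2: agent management backend (WeChat Pay) =====
# NOTE(review): every path is forwarded for any client address; no allow/deny
# or request limiting is visible in this file. Confirm that authentication is
# enforced by the backend (or by the included snippet) for this admin site.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ${DLWEB_DOMAIN};

    ssl_certificate     /etc/letsencrypt/live/${DLWEB_DOMAIN}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${DLWEB_DOMAIN}/privkey.pem;
    include /etc/nginx/snippets/ssl-params.conf;

    location / {
        proxy_pass http://dlweb_service;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Client-supplied X-Forwarded-For entries are passed through; only
        # the last entry is added by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# ===== Site 3: WeChat Mini Program backend =====
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ${WX_DOMAIN};

    ssl_certificate     /etc/letsencrypt/live/${WX_DOMAIN}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${WX_DOMAIN}/privkey.pem;
    include /etc/nginx/snippets/ssl-params.conf;

    location / {
        proxy_pass http://wxserver_service;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Client-supplied X-Forwarded-For entries are passed through; only
        # the last entry is added by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket pass-through: HTTP/1.1 to the upstream plus the
        # Upgrade/Connection pair. As written, "Connection: upgrade" is sent
        # on every proxied request, not only on WebSocket handshakes.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}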