server {
	# listen   80; ## listen for ipv4; this line is default and implied
	# listen   [::]:80 default ipv6only=on; ## listen for ipv6
  listen 443 ssl;

          # ssl on;
          ssl_certificate  /www/cert/diabetes/fullchain.pem;
          ssl_certificate_key  /www/cert/diabetes/privkey.pem;
          ssl_session_timeout 10m;
          ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
          ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
          ssl_prefer_server_ciphers on;

          # root /www/tangyoutoutiao/src/public;
          root /www/nn_diabetes_main/src/public;
          index index.php index.html index.htm;

          access_log /www/log/nginx/microweb/admin.nginx.access.log;
          error_log  /www/log/nginx/microweb/admin.nginx.error.log;

          # Make site accessible from http://localhost/
          server_name app.diabetes.hbraas.com;

	# Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
	sendfile off;

	client_max_body_size 64M;


	# deny access to . files, for security
	#
	location ~ /\. {
	   		log_not_found off;
	   		deny all;
	}

	location ^~ /.well-known {
	               allow all;
	               auth_basic off;
	       }

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;

    charset utf-8;

    rewrite ^/uploadfile/ https://sancdiabeteswebn201.blob.core.chinacloudapi.cn$request_uri? permanent;


    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }


    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    error_page 404 /index.php;

    location ^~ /v2_h5/ {
        proxy_pass http://host.docker.internal:18080/v2_h5/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }


    location ^~ /v2_admin/ {
        proxy_pass http://host.docker.internal:18090/v2_admin/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }



    location ~ \.php$ {
        fastcgi_pass php74:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }

    location ~* \.(jpg|jpeg|gif|png|css|js|ico|webp|tiff|ttf|svg)$ {
        expires           5d;
    }
}

server {
    listen 80;
    server_name app.diabetes.hbraas.com;
    rewrite ^/(.*) https://$server_name$request_uri? permanent;
}