server {
   listen       80;
   listen  [::]:80;
   server_name  bmsm27.kptyun.com;

   gzip on;
   gzip_static on;
   gzip_comp_level 6;
   gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

   # 前端静态资源配置
   location / {
        root /usr/share/nginx/html;
        try_files $uri $uri/ /index.html;
        client_max_body_size 300m;
        client_body_timeout 20s;
        # 静态资源缓存控制
        add_header Cache-Control "no-cache, no-store, must-revalidate";
        add_header Pragma no-cache;
        add_header Expires 0;
   }

   # 核心：适配 frp 转发的跨域代理配置
   location ~* ^/(auth|api)/ {
        # 转发到后端真实接口
        proxy_pass http://bmsm278082.kptyun.com$request_uri;
        # 保留真实请求信息，适配 frp 转发
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Origin $http_origin;  # 关键：保留请求源

        # 超时配置，防止 frp 转发超时
        proxy_connect_timeout 120s;
        proxy_read_timeout 120s;
        proxy_send_timeout 120s;

        # ========== 跨域核心配置（适配 frp 转发，永不丢失跨域头） ==========
        add_header Access-Control-Allow-Origin $http_origin always;
        add_header Access-Control-Allow-Credentials true always;
        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS, PUT, DELETE, PATCH' always;
        add_header Access-Control-Allow-Headers 'Authorization, Content-Type, Token, X-Requested-With, Accept, Origin' always;
        add_header Access-Control-Expose-Headers 'Content-Length, Content-Type' always;

        # 直接处理 OPTIONS 预检请求，不转发到后端（关键优化）
        if ($request_method = 'OPTIONS') {
            return 204;
        }
   }

   # 错误页面配置
   error_page   500 502 503 504  /50x.html;
   location = /50x.html {
      root   /usr/share/nginx/html;
   }
}