worker_processes  auto;        #nginx worker 数量
error_log /home/frankly/work/AuthPlatform/logs/error.log info;   #指定错误日志文件路径

#worker_rlimit_nofile 65535;

events {
    worker_connections 1024;
}

http {

    ##lua_need_request_body on;       #开启读取请求体数据
    client_max_body_size 1024M;      #允许最大100k的请求体
    client_body_buffer_size  1024M;   #设置缓冲区大小

    #lua_code_cache on; #代码缓存

    lua_package_path '$prefix/src/?/?.lua;$prefix/src/?.lua;/home/frankly/work/AuthPlatform/src/?/?.lua;/home/frankly/work/AuthPlatform/src/?.lua;;';
    lua_package_cpath '$prefix/src/share/lib/?.so;/home/frankly/work/AuthPlatform/src/share/lib/?.so;;';

    # Path of the file with trusted CA certificates.
    #lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

    # The verification depth in the server certificates chain.
    #lua_ssl_verify_depth 3;

    #在Nginx启动时执行的Lua代码块
    #oauth2.0第三方验证后将code放到共享内存中
    lua_shared_dict codeDict 10m;
    #init_by_lua_block {
    #    -- 定义一个全局变量
    #    ngx.log(ngx.INFO, "Initializing global variable")
    #    global_var = "Hello, Nginx with Lua!"
    #    -- 初始化一个共享字典（需要 lua-shared-dict 模块）
    #    local shared_dict = ngx.shared.dict_a
    #    shared_dict:set("key", "value")
    #}
    #init_by_lua_block 与 init_by_lua_file 只能初始化其中的一个，不能同时启用
    #否则报错nginx: [emerg] "init_by_lua_file" directive is duplicate
    #init_by_lua_file '/home/frankly/work/AuthPlatform/src/init.lua';

    init_worker_by_lua_file '/home/frankly/work/AuthPlatform/src/init.lua';

    server {
        listen       9080;
        server_name  127.0.0.1;
        default_type text/html;
        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }
        ## 应用路径 todo 路径问题
        set $APP_PATH '/home/frankly/work/AuthPlatform';

        # 全局 CORS 配置 访问时允许跨域处理
        # 允许所有域跨域访问（不推荐，出于安全考虑应指定具体域名）
        add_header 'Access-Control-Allow-Origin' '*';
        # 允许特定域跨域访问（推荐）
        #add_header 'Access-Control-Allow-Origin' 'https://xxx.com';
        # 允许的HTTP方法
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
        # 允许的自定义请求头
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,Authorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Laction';
        # 允许的暴露请求头
        add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,Authorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Location';
        # 允许携带Cookie
        add_header 'Access-Control-Allow-Credentials' 'true';
        # 预检请求的有效期（可选）
        add_header 'Access-Control-Max-Age' 1728000;
        # 如果请求方法是OPTIONS，则直接返回204状态码，不执行后续操作
        if ($request_method = 'OPTIONS') {
            return 204;
        }

        #数据列表配置
        include 'system/system.conf';

        #测试接口配置
        location /testTree {
            content_by_lua_file '${APP_PATH}/src/test/testRadixtree.lua';
        }
        location /testRBAC {
            content_by_lua_file '${APP_PATH}/src/test/testRBAC.lua';
        }
        location /test {
            content_by_lua_file '${APP_PATH}/src/test/test.lua';
        }
    }

    #server {
    #    listen      9081 ssl http2;
    #    server_name  *.*;
    #    ssl_certificate ssl/metroid.crt;
    #    ssl_certificate_key ssl/metroid.key;
    #}
}