server {
    server_name "proc.huiwings.cn";
    listen 443 ssl;
    listen 80;
    client_max_body_size 10M;

    # disable in local test env
     ssl_certificate /etc/letsencrypt/live/huiwings.cn/fullchain.pem; # managed by Certbot
     ssl_certificate_key /etc/letsencrypt/live/huiwings.cn/privkey.pem; # managed by Certbot

    # huiwing 仓库：`cargo run -p htyproc`，env 见 envs/*/htyproc.env（PROC_PORT=3004）
    set $huiwing_htyproc_rust "127.0.0.1:3004";

    location /api/v1/proc/ {
        add_header Access-Control-Allow-Origin $http_origin always;
        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS' always;
        add_header Access-Control-Allow-Headers 'Authorization,HtyAdminToken,HtySudoerToken,HtyHost,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type' always;
        add_header Access-Control-Allow-Credentials true always;
        add_header Access-Control-Max-Age 86400 always;
        if ($request_method = 'OPTIONS') {
            return 200;
        }
        proxy_pass http://127.0.0.1:8880/api/v1/proc/;
    }

    # Rust htyproc：对外 /api/v2/proc → 本进程；后端路由仍为 /api/v1/proc
    location /api/v2/proc/ {
        add_header Access-Control-Allow-Origin $http_origin always;
        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS' always;
        add_header Access-Control-Allow-Headers 'Authorization,HtyAdminToken,HtySudoerToken,HtyHost,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type' always;
        add_header Access-Control-Allow-Credentials true always;
        add_header Access-Control-Max-Age 86400 always;
        if ($request_method = 'OPTIONS') {
            return 200;
        }
        proxy_pass http://$huiwing_htyproc_rust/api/v1/proc/;
    }
}