server {
    listen       8080 ssl;
    listen  [::]:8080 ssl;
    server_name localhost;
   index index.php index.html index.htm default.php default.htm default.html;    
   root /app/www/wwwroot/www.valuesys1.com/web;

    ssl_certificate ssl/server.crt;
    ssl_certificate_key ssl/server.key;
    ssl_session_timeout 1h;
    #ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    server_tokens off;
   
    proxy_hide_header X-Powered-By;
    add_header X-Powered-By "";
    proxy_hide_header Server;
   add_header X-Frame-Options "SAMEORIGIN";

    add_header X-XSS-Protection "1; mode=block";

    add_header X-Content-Type-Options "nosniff";
    add_header Set-Cookie "Path=/; HttpOnly; Secure";
   
 #车辆系统 

    #PHP-INFO-START  PHP引用配置，可以注释或修改
    location ~ [^/]\.php(/|$)
    {
        try_files $uri =404;
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index index.php;
        
	fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
	fastcgi_param  QUERY_STRING       $query_string;
	fastcgi_param  REQUEST_METHOD     $request_method;
	fastcgi_param  CONTENT_TYPE       $content_type;
	fastcgi_param  CONTENT_LENGTH     $content_length;

	fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
	fastcgi_param  REQUEST_URI        $request_uri;
	fastcgi_param  DOCUMENT_URI       $document_uri;
	fastcgi_param  DOCUMENT_ROOT      $document_root;
	fastcgi_param  SERVER_PROTOCOL    $server_protocol;
	fastcgi_param  REQUEST_SCHEME     $scheme;
	fastcgi_param  HTTPS              $https if_not_empty;

	fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
	fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

	fastcgi_param  REMOTE_ADDR        $remote_addr;
	fastcgi_param  REMOTE_PORT        $remote_port;
	fastcgi_param  SERVER_ADDR        $server_addr;
	fastcgi_param  SERVER_PORT        $server_port;
	fastcgi_param  SERVER_NAME        $server_name;

	# PHP only, required if PHP was built with --enable-force-cgi-redirect
	fastcgi_param  REDIRECT_STATUS    200;
	set $real_script_name $fastcgi_script_name;
	if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
			set $real_script_name $1;
			set $path_info $2;
	 }
	fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
	fastcgi_param SCRIPT_NAME $real_script_name;
	fastcgi_param PATH_INFO $path_info;
    }
	
    #REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
    location ~* (runtime|application)/{
	return 403;
    }
    
    #location /house-car/car/ {
     #   if (!-e $request_filename){
      #          rewrite  ^(.*)$  /index.php?s=$1  last;   break;
      #  }
    #}

    location / {
	if (!-e $request_filename){
     		#rewrite  ^/house-car/car/(.*)$ /index.php?s=$1 last;  break;
		rewrite  ^(.*)$  /index.php?s=$1  last;   break;
	}
     }
	
    #REWRITE-END

    #禁止访问的文件或目录
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
    {
        return 404;
    }

    #一键申请SSL证书验证目录相关设置
    location ~ \.well-known{
        allow all;
    }

    #禁止在证书验证目录放入敏感文件
    if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
        return 403;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires      30d;
        error_log /dev/null;
        access_log /dev/null;
    }

    location ~ .*\.(js|css)?$
    {
        expires      12h;
        error_log /dev/null;
        access_log /dev/null;
    }
    
    access_log  /app/www/wwwlogs/www.valuesys1.com.log;
    error_log  /app/www/wwwlogs/www.valuesys1.com.error.log;

	#location /house-car/car/car/ {
         #              proxy_redirect off;
          #              proxy_set_header Host $host:$server_port;
          #              proxy_set_header X-Real-IP  $remote_addr;
        #		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #		proxy_pass http://127.0.0.1:39080/car/;
    	#       }
      #location /house-car/car/assets/ {
    
       #	add_header Access-Control-Allow-Origin '*' always;
        #    add_header Access-Control-Allow-Headers '*';
        #    add_header Access-Control-Allow-Methods '*';
        #    add_header Access-Control-Allow-Credentials 'false';
        #    if ($request_method = 'OPTIONS') {
        #        return 204;
        #    }
	#	proxy_redirect off;
        #                proxy_set_header Host $host:$server_port;
        #                proxy_set_header X-Real-IP  $remote_addr;
        #                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#
#		proxy_pass http://127.0.0.1:39080/assets/;
#		}

	
	



	
    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}