server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;  # ✅ 启用 HTTP/2

    server_name home.mz.xiongxiao.me;
    client_max_body_size 240m;

    # SSL 配置
    ssl_certificate /etc/letsencrypt/live/home.mz.xiongxiao.me/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/home.mz.xiongxiao.me/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # 提升 WebSocket 支持
    proxy_http_version 1.1;

    location ~* \.(gif|png|jpg|css|js|woff|woff2)$ {
        proxy_pass http://xionmi.mz.zxj.im:8123;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 86400;
        expires 12h;
        add_header Cache-Control "public";
    }

    location / {
        proxy_pass http://xionmi.mz.zxj.im:8123/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 86400;
        add_header X-Cache $upstream_cache_status;
        add_header Cache-Control no-cache;
    }
}

server {
    listen 80;
    listen [::]:80;
    server_name home.mz.xiongxiao.me;
    return 301 https://$host$request_uri;
}