server {
  listen 80;
  listen [::]:80;
  http2 on;
  # listen 443 ssl;
  # listen [::]:443 ssl;
  # ssl_certificate /usr/local/openresty/nginx/conf/vhost/ssl/gateway.jsaix.cn.crt;
  # ssl_certificate_key /usr/local/openresty/nginx/conf/vhost/ssl/gateway.jsaix.cn.key;
  # ssl_protocols TLSv1.2 TLSv1.3;
  # ssl_prefer_server_ciphers on;
  # ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
  # ssl_session_timeout 10m;
  # ssl_session_cache builtin:1000 shared:SSL:10m;
  # ssl_session_tickets off;
  ## curl https://ssl-config.mozilla.org/ffdhe2048.txt > /usr/local/openresty/nginx/conf/vhost/ssl/dhparam.pem
  # ssl_dhparam /usr/local/openresty/nginx/conf/vhost/ssl/dhparam.pem;
  # ssl_buffer_size 1400;
  # add_header Strict-Transport-Security "max-age=63072000" always;
  # ssl_stapling on;
  # ssl_stapling_verify on;
  # ssl_trusted_certificate /usr/local/openresty/nginx/conf/vhost/ssl/full_chain_rsa.crt;
  # resolver 223.5.5.5;
  # add_header X-Xss-Protection "1; mode=block";
  # add_header X-Content-Type-Options nosniff;
  # if ($ssl_protocol = "") { return 301 https://$host$request_uri; }

  server_name *.abchen.net;
  access_log /data/wwwlogs/abchen.net_nginx_$logdate.log combined;
  error_log /data/wwwlogs/error.abchen.net_nginx_$logdate.log;
  index index.html index.htm index.php;

  root /data/wwwroot/default;
  include /usr/local/openresty/nginx/conf/rewrite/laravel.conf;
  #error_page 404 /404.html;
  #error_page 502 /502.html;
  location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {
    valid_referers none blocked *.abchen.net;
    if ($invalid_referer) {
        return 403;
    }
  }
  # location /wss {
  #   proxy_http_version 1.1;
  #   proxy_set_header Upgrade $http_upgrade;
  #   # proxy_set_header Connection $connection_upgrade;
  #   # add_header Front-End-Https on;
	# 	# add_header 'Access-Control-Allow-Methods' 'GET,POST';
	# 	# add_header 'Access-Control-Allow-Origin' $http_origin;
	# 	# add_header 'Access-Control-Allow-Credentials' 'true';
	# 	# add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With';
  #   include proxy.conf;
  #   proxy_pass http://php81:22349;
  # }
  location ~ [^/]\.php(/|$) {
    fastcgi_pass php83:9000;
    #fastcgi_pass unix:/dev/shm/php73-cgi.sock;
    fastcgi_index index.php;
    fastcgi_param PHP_ADMIN_VALUE "open_basedir=$document_root/:/tmp/:/proc/";
    include fastcgi.conf;
  }

  location ~ .*\.(?i)(txt|doc|pdf|rar|gz|zip|docx|exe|xlsx|ppt|pptx)$ {
    add_header Content-Disposition attachment;
  }
  location ~* ^/(storage|attachments|upload)/.*\.(php|php5)$ {
    deny all;
  }
  location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
    expires 30d;
    access_log off;
  }
  location ~ .*\.(js|css)?$ {
    expires 7d;
    access_log off;
  }
  location ~ /(\.user\.ini|\.ht|\.git|\.svn|\.project|LICENSE|README\.md) {
    deny all;
  }
  location /.well-known {
    allow all;
  }
}