# 处理HTTP请求（80端口）
server {
    listen 80;
    server_name ffing.cn www.ffing.cn;

    # 所有HTTP请求都跳转到HTTPS的www版本
    return 301 https://www.ffing.cn$request_uri;
}

# 处理HTTPS请求中不带www的域名
server {
    listen 443 ssl;
    server_name ffing.cn;

    # SSL证书配置
    ssl_certificate /etc/ssl/ffing.cn.pem ;
    ssl_certificate_key /etc/ssl/ffing.cn.key;

    # 跳转到带www的HTTPS版本
    return 301 https://www.ffing.cn$request_uri;
}

# 处理最终的HTTPS请求（带www）
server {
    listen 443 ssl;
    server_name www.ffing.cn;

    # SSL证书配置
    ssl_certificate /etc/ssl/ffing.cn.pem;
    ssl_certificate_key /etc/ssl/ffing.cn.key;

    # 网站根目录和默认索引文件
    root /usr/share/nginx/www;
    index index.htm index.html;

    # 处理根路径请求
    location / {
        try_files $uri $uri/ =404;
    }

    # 可选：添加SSL相关优化配置
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
}

# HTTP服务器配置（端口80）
server {
    listen 80;
    # 匹配需要跳转的HTTP域名
    server_name ffing.cn www.ffing.cn;

    # 所有HTTP请求跳转到HTTPS的www.ffing.cn
    return 301 https://www.ffing.cn$request_uri;
}

# HTTPS服务器配置（端口443）- 处理ffing.cn.com跳转
server {
    listen 443 ssl;
    # 匹配需要跳转的HTTPS域名
    server_name ffing.cn.com;

    # SSL证书配置
    ssl_certificate /etc/ssl/ffing.cn.pem;
    ssl_certificate_key /etc/ssl/ffing.cn.key;

    # 基本SSL安全配置
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

    # 将ffing.cn.com的HTTPS请求跳转到目标域名
    return 301 https://www.ffing.cn$request_uri;
}

# 注：由于https://www.ffing.cn未在本地部署，无需为该域名配置实际服务块