server {
    listen 80;
    server_name www.linguotree.com linguotree.com;
    
    # 重定向到HTTPS
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name www.linguotree.com linguotree.com;
    
    ssl_certificate /path/to/ssl/certificate.crt;
    ssl_certificate_key /path/to/ssl/private.key;
    
    root /var/www/linguotree;
    
    # 静态文件
    location /static {
        alias /var/www/linguotree/static;
        expires 30d;
        add_header Cache-Control "public, immutable";
    }
    
    # Flask应用
    location / {
        include uwsgi_params;
        uwsgi_pass unix:/tmp/linguotree.sock;
    }
    
    # 安全头
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
}