# 支付服务路由（更严格的限流）
location /api/v1/payments {
    limit_req zone=api_strict burst=10 nodelay;
    limit_conn addr 5;
    
    proxy_pass http://payment_service;
    proxy_http_version 1.1;
    
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Request-ID $request_id;
    
    # 支付接口需要更长的超时时间
    proxy_read_timeout 120s;
    proxy_connect_timeout 120s;
    proxy_send_timeout 120s;
}

# 支付回调接口（通常由第三方调用）
location /api/v1/webhooks/payment {
    # 放宽限流，允许第三方服务调用
    limit_req zone=general burst=50 nodelay;
    
    proxy_pass http://payment_service;
    proxy_http_version 1.1;
    
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Request-ID $request_id;
    
    # 记录详细的访问日志以便审计
    access_log /var/log/nginx/payment-webhook.log main;
}