server { listen 80; set $root_path '/var/www/html'; set $frontend_path '${root_path}/frontend'; root $root_path; charset utf-8; add_header X-Frame-Options "sameorigin" always; add_header X-XSS-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Content-Security-Policy "default-src 'none';style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/;img-src 'self' data: www.google-analytics.com;font-src 'self' data:;connect-src 'self' https://sentry.io https://sentry.ely.by;frame-src https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/"; # You can uncomment the next lines to enable debug mode # rewrite_log on; # error_log /var/log/nginx/error.log debug; set $request_url $request_uri; set $host_with_uri '${host}${request_uri}'; if ($host_with_uri ~ '^${AUTHSERVER_HOST}/auth') { set $request_url '/api/authserver${request_uri}'; rewrite ^/auth /api/authserver$uri last; } if ($host_with_uri ~ '^${AUTHSERVER_HOST}/session') { set $request_url '/api/minecraft${request_uri}'; rewrite ^/session /api/minecraft$uri last; } if ($host_with_uri ~ '^${AUTHSERVER_HOST}/api/(user|profiles)') { set $request_url '/api/mojang${request_uri}'; rewrite ^/api/(user|profiles) /api/mojang$uri last; } location / { if ($request_uri = '/') { more_set_headers "X-Authlib-Injector-API-Location: /api/authlib-injector"; } root $frontend_path; access_log off; etag on; expires $cache_duration; try_files $uri /index.html =404; } location /images/emails/assets { proxy_pass http://emails-renderer:3000/assets/; expires $cache_duration; access_log off; } location /api { try_files $uri /api/index.php$is_args$args; } location ~* \.php$ { fastcgi_pass php; # Use generated upstream. See generate-upstream.sh fastcgi_index /index.php; fastcgi_cache cache; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param REQUEST_URI $request_url; fastcgi_param REMOTE_ADDR $http_x_real_ip; # Override HTTPS param to handle ssl from nginx-proxy or haproxy containers fastcgi_param HTTPS $http_x_forwarded_ssl if_not_empty; fastcgi_param HTTPS $http_x_forwarded_proto if_not_empty; } }