mirror of
https://github.com/elyby/accounts.git
synced 2024-12-23 22:00:06 +05:30
74 lines
2.6 KiB
Plaintext
74 lines
2.6 KiB
Plaintext
server {
|
|
listen 80;
|
|
|
|
set $root_path '/var/www/html';
|
|
set $frontend_path '${root_path}/frontend';
|
|
|
|
root $root_path;
|
|
charset utf-8;
|
|
|
|
add_header X-Frame-Options "sameorigin" always;
|
|
add_header X-XSS-Protection "1; mode=block" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header Content-Security-Policy "default-src 'none';style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/;img-src 'self' data: www.google-analytics.com;font-src 'self' data:;connect-src 'self' https://sentry.io https://sentry.ely.by;frame-src https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/";
|
|
|
|
# You can uncomment the next lines to enable debug mode
|
|
# rewrite_log on;
|
|
# error_log /var/log/nginx/error.log debug;
|
|
|
|
set $request_url $request_uri;
|
|
set $host_with_uri '${host}${request_uri}';
|
|
|
|
if ($host_with_uri ~ '^${AUTHSERVER_HOST}/auth') {
|
|
set $request_url '/api/authserver${request_uri}';
|
|
rewrite ^/auth /api/authserver$uri last;
|
|
}
|
|
|
|
if ($host_with_uri ~ '^${AUTHSERVER_HOST}/session') {
|
|
set $request_url '/api/minecraft${request_uri}';
|
|
rewrite ^/session /api/minecraft$uri last;
|
|
}
|
|
|
|
if ($host_with_uri ~ '^${AUTHSERVER_HOST}/api/(user|profiles)') {
|
|
set $request_url '/api/mojang${request_uri}';
|
|
rewrite ^/api/(user|profiles) /api/mojang$uri last;
|
|
}
|
|
|
|
location / {
|
|
if ($request_uri = '/') {
|
|
more_set_headers "X-Authlib-Injector-API-Location: /api/authlib-injector";
|
|
}
|
|
|
|
root $frontend_path;
|
|
access_log off;
|
|
etag on;
|
|
expires $cache_duration;
|
|
try_files $uri /index.html =404;
|
|
}
|
|
|
|
location /images/emails/assets {
|
|
proxy_pass http://emails-renderer:3000/assets/;
|
|
expires $cache_duration;
|
|
access_log off;
|
|
}
|
|
|
|
location /api {
|
|
try_files $uri /api/index.php$is_args$args;
|
|
}
|
|
|
|
location ~* \.php$ {
|
|
fastcgi_pass php; # Use generated upstream. See generate-upstream.sh
|
|
fastcgi_index /index.php;
|
|
fastcgi_cache cache;
|
|
|
|
include fastcgi_params;
|
|
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
fastcgi_param REQUEST_URI $request_url;
|
|
fastcgi_param REMOTE_ADDR $http_x_real_ip;
|
|
# Override HTTPS param to handle ssl from nginx-proxy or haproxy containers
|
|
fastcgi_param HTTPS $http_x_forwarded_ssl if_not_empty;
|
|
fastcgi_param HTTPS $http_x_forwarded_proto if_not_empty;
|
|
}
|
|
}
|