accounts/docker/nginx/account.ely.by.conf.template

74 lines
2.6 KiB
Plaintext

server {
listen 80;
set $root_path '/var/www/html';
set $frontend_path '${root_path}/frontend';
root $root_path;
charset utf-8;
add_header X-Frame-Options "sameorigin" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Content-Security-Policy "default-src 'none';style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/;img-src 'self' data: www.google-analytics.com;font-src 'self' data:;connect-src 'self' https://sentry.io https://sentry.ely.by;frame-src https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/";
# You can uncomment the next lines to enable debug mode
# rewrite_log on;
# error_log /var/log/nginx/error.log debug;
set $request_url $request_uri;
set $host_with_uri '${host}${request_uri}';
if ($host_with_uri ~ '^${AUTHSERVER_HOST}/auth') {
set $request_url '/api/authserver${request_uri}';
rewrite ^/auth /api/authserver$uri last;
}
if ($host_with_uri ~ '^${AUTHSERVER_HOST}/session') {
set $request_url '/api/minecraft${request_uri}';
rewrite ^/session /api/minecraft$uri last;
}
if ($host_with_uri ~ '^${AUTHSERVER_HOST}/api/(user|profiles)') {
set $request_url '/api/mojang${request_uri}';
rewrite ^/api/(user|profiles) /api/mojang$uri last;
}
location / {
if ($request_uri = '/') {
more_set_headers "X-Authlib-Injector-API-Location: /api/authlib-injector";
}
root $frontend_path;
access_log off;
etag on;
expires $cache_duration;
try_files $uri /index.html =404;
}
location /images/emails/assets {
proxy_pass http://emails-renderer:3000/assets/;
expires $cache_duration;
access_log off;
}
location /api {
try_files $uri /api/index.php$is_args$args;
}
location ~* \.php$ {
fastcgi_pass php; # Use generated upstream. See generate-upstream.sh
fastcgi_index /index.php;
fastcgi_cache cache;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_URI $request_url;
fastcgi_param REMOTE_ADDR $http_x_real_ip;
# Override HTTPS param to handle ssl from nginx-proxy or haproxy containers
fastcgi_param HTTPS $http_x_forwarded_ssl if_not_empty;
fastcgi_param HTTPS $http_x_forwarded_proto if_not_empty;
}
}