247361b7dd
* fix: silence nginx healthcheck logs * fix: nginx logs in JSON * fix: typos in nginx conf * refactor: repeat less nginx config * fix: log more req headers from gunicorn * fix: redirect auth->datatracker, not deny * feat: log X-Forwarded-Proto
39 lines
1.6 KiB
Plaintext
39 lines
1.6 KiB
Plaintext
server {
|
|
listen 8080 default_server;
|
|
server_name _;
|
|
|
|
# Replace default "main" formatter with the ietfjson formatter from nginx-logging.conf
|
|
access_log /var/log/nginx/access.log ietfjson;
|
|
|
|
# Note that regex location matches take priority over non-regex "prefix" matches. Use regexes so that
|
|
# our deny all rule does not squelch the other locations.
|
|
location ~ ^/health/nginx$ {
|
|
access_log off;
|
|
return 200;
|
|
}
|
|
|
|
location ~ ^/robots.txt$ {
|
|
add_header Content-Type text/plain;
|
|
return 200 "User-agent: *\nDisallow: /\n";
|
|
}
|
|
|
|
location ~ ^/accounts/create.* {
|
|
return 302 https://datatracker.ietf.org/accounts/create;
|
|
}
|
|
|
|
# n.b. (?!...) is a negative lookahead group
|
|
location ~ ^(/(?!(api/openid/|accounts/login/|accounts/logout/|accounts/reset/|person/.*/photo|group/groupmenu.json)).*) {
|
|
return 302 https://datatracker.ietf.org$${keepempty}request_uri;
|
|
}
|
|
|
|
location / {
|
|
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' data: https://datatracker.ietf.org/ https://www.ietf.org/ http://ietf.org/ https://analytics.ietf.org https://static.ietf.org; frame-ancestors 'self' ietf.org *.ietf.org meetecho.com *.meetecho.com gather.town *.gather.town";
|
|
proxy_set_header Host $${keepempty}host;
|
|
proxy_set_header Connection close;
|
|
proxy_set_header X-Request-Start "t=$${keepempty}msec";
|
|
proxy_set_header X-Forwarded-For $${keepempty}proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Real-IP $${keepempty}remote_addr;
|
|
proxy_pass http://localhost:8000;
|
|
}
|
|
}
|