63 lines
2.6 KiB
Plaintext
63 lines
2.6 KiB
Plaintext
# Custom nginx configuration for OpenCCB Learning
|
|
# Keep the learning frontend on port 3003 and expose LMS API via same-origin /lms-api.
|
|
|
|
# Security headers (server level)
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
|
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
|
|
|
|
location /lms-api/ {
|
|
rewrite ^/lms-api/(.*)$ /$1 break;
|
|
proxy_pass http://openccb-experience:3002;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
|
|
proxy_set_header Connection "";
|
|
proxy_http_version 1.1;
|
|
}
|
|
|
|
location /cms-api/ {
|
|
# CORS safety net at proxy level for CMS API.
|
|
set $cors_origin "";
|
|
if ($http_origin ~* "^https?://([a-z0-9-]+\\.)?norteamericano\\.(com|cl)$") {
|
|
set $cors_origin $http_origin;
|
|
}
|
|
if ($http_origin ~* "^http://localhost(:[0-9]+)?$") {
|
|
set $cors_origin $http_origin;
|
|
}
|
|
|
|
if ($request_method = OPTIONS) {
|
|
add_header Access-Control-Allow-Origin $cors_origin always;
|
|
add_header Vary "Origin, Access-Control-Request-Method, Access-Control-Request-Headers" always;
|
|
add_header Access-Control-Allow-Methods "GET,POST,PUT,DELETE,OPTIONS,PATCH,HEAD" always;
|
|
add_header Access-Control-Allow-Headers "content-type,authorization,x-requested-with,x-organization-id,range" always;
|
|
add_header Access-Control-Max-Age 86400 always;
|
|
add_header Content-Length 0 always;
|
|
add_header Content-Type "text/plain; charset=utf-8" always;
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
return 204;
|
|
}
|
|
|
|
add_header Access-Control-Allow-Origin $cors_origin always;
|
|
add_header Vary "Origin" always;
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
|
|
rewrite ^/cms-api/(.*)$ /$1 break;
|
|
proxy_pass http://openccb-studio:3001;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
|
|
proxy_set_header Connection "";
|
|
proxy_http_version 1.1;
|
|
proxy_connect_timeout 60s;
|
|
proxy_send_timeout 600s;
|
|
proxy_read_timeout 600s;
|
|
send_timeout 600s;
|
|
}
|