100 lines
2.5 KiB
Django/Jinja
100 lines
2.5 KiB
Django/Jinja
server {
|
|
listen 80;
|
|
server_name _;
|
|
|
|
gzip_min_length 1000;
|
|
gzip_buffers 4 8k;
|
|
gzip_http_version 1.0;
|
|
gzip_disable "msie6";
|
|
gzip_types text/plain text/css application/json;
|
|
gzip_vary on;
|
|
|
|
index index.html;
|
|
|
|
server_tokens off;
|
|
|
|
client_max_body_size 12288m;
|
|
client_body_timeout 1800;
|
|
|
|
# sub instances
|
|
include "/opt/wapt/conf/wapt.d/*.conf";
|
|
|
|
location /static {
|
|
alias "/opt/wapt/waptserver/static";
|
|
}
|
|
|
|
location /ssl {
|
|
alias "/var/www/html/ssl";
|
|
}
|
|
|
|
# not protected URL
|
|
location ~ ^/(wapt/waptsetup.*.exe|wapt/waptagent/.*|wapt/waptagent.exe|wapt/waptdeploy.exe|sync.json|rules.json|licences.json)$ {
|
|
add_header Cache-Control "store, no-cache, must-revalidate, post-check=0, pre-check=0";
|
|
add_header Pragma "no-cache";
|
|
root "/var/www/html";
|
|
}
|
|
|
|
# not protected URL
|
|
location /wads {
|
|
alias "/var/www/html/wads";
|
|
}
|
|
|
|
# SSL protected URL
|
|
location ~ ^/(wapt/.*|waptwua/.*|wapt-diff-repos/.*)$ {
|
|
add_header Cache-Control "store, no-cache, must-revalidate, post-check=0, pre-check=0";
|
|
add_header Pragma "no-cache";
|
|
|
|
# be sure these headers are not forwarded
|
|
proxy_set_header X-Ssl-Client-Dn "";
|
|
proxy_set_header X-Ssl-Authenticated "";
|
|
|
|
root "/var/www/html";
|
|
}
|
|
|
|
# we don't want to expose our list of computers in case someone scan this folder.
|
|
location /wapt-host/Packages {
|
|
return 403;
|
|
}
|
|
|
|
location ~ ^/(wapt-host/.*)$ {
|
|
log_not_found off;
|
|
add_header Cache-Control "store, no-cache, must-revalidate, post-check=0, pre-check=0";
|
|
add_header Pragma "no-cache";
|
|
|
|
# be sure these headers are not forwarded
|
|
proxy_set_header X-Ssl-Client-Dn "";
|
|
proxy_set_header X-Ssl-Authenticated "";
|
|
|
|
root "/var/www/html";
|
|
}
|
|
|
|
|
|
location ~ ^/.*_kerberos$ {
|
|
return 403;
|
|
}
|
|
|
|
location / {
|
|
add_header X-Remote-IP $remote_addr;
|
|
proxy_http_version 1.1;
|
|
proxy_request_buffering off;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_pass http://127.0.0.1:8080;
|
|
}
|
|
|
|
location /socket.io {
|
|
proxy_http_version 1.1;
|
|
proxy_request_buffering off;
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "Upgrade";
|
|
proxy_pass http://127.0.0.1:8080/socket.io;
|
|
}
|
|
}
|