server { listen __PORT__; server_name auth.__DNSDOMAIN__; root __PORTALSITEDIR__; # Use "lm_app" format to get username in nginx.log (see nginx-lmlog.conf) #access_log /var/log/nginx/portal.log lm_app; if ($uri !~ ^/((static|javascript|favicon).*|.*\.psgi)) { rewrite ^/(.*)$ /index.psgi/$1 break; } location ~ ^(?/.*\.psgi)(?:$|/) { # Note that Content-Security-Policy header is generated by portal itself # FastCGI configuration include /etc/nginx/fastcgi_params; fastcgi_pass unix:__FASTCGISOCKDIR__/llng-fastcgi.sock; fastcgi_param LLTYPE psgi; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_split_path_info ^(.*\.psgi)(/.*)$; fastcgi_param PATH_INFO $fastcgi_path_info; # Uncomment this if you use Auth SSL: #map $ssl_client_s_dn $ssl_client_s_dn_cn { # default ""; # ~/CN=(?[^/]+) $CN; #} #fastcgi_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn # OR TO USE uWSGI #include /etc/nginx/uwsgi_params; #uwsgi_pass 127.0.0.1:5000; #uwsgi_param LLTYPE psgi; #uwsgi_param SCRIPT_FILENAME $document_root$sc; #uwsgi_param SCRIPT_NAME $sc; } index index.psgi; location / { try_files $uri $uri/ =404; # Uncomment this if you use https only #add_header Strict-Transport-Security "15768000"; } location /static/ { alias __PORTALSTATICDIR__; } # REST/SOAP functions for sessions management (disabled by default) location /index.psgi/adminSessions { deny all; } # REST/SOAP functions for sessions access (disabled by default) location /index.psgi/sessions { deny all; } # REST/SOAP functions for configuration access (disabled by default) location /index.psgi/config { deny all; } # REST/SOAP functions for notification insertion (disabled by default) location /index.psgi/notification { deny all; } # DEBIAN # If install was made with USEDEBIANLIBS (official releases), uncomment this #location /javascript/ { # alias /usr/share/javascript/; #} }