2018-12-10 01:16:07 +00:00
|
|
|
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g;
|
|
|
|
proxy_connect_timeout 1s;
|
|
|
|
|
2020-01-28 15:21:23 +00:00
|
|
|
server_tokens off;
|
|
|
|
|
2018-12-10 01:16:07 +00:00
|
|
|
server {
|
|
|
|
listen 80 default;
|
|
|
|
|
2020-01-17 06:20:36 +00:00
|
|
|
rewrite ^ https://$host$request_uri permanent;
|
2018-12-10 01:16:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 443 default ssl http2;
|
|
|
|
|
|
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
|
|
ssl_dhparam /etc/nginx/ssl/dhparams-4096.pem;
|
|
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
|
|
|
|
ssl_certificate /etc/nginx/ssl/fullchain.pem;
|
|
|
|
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
|
|
|
|
|
2019-01-21 01:14:45 +00:00
|
|
|
ssl_client_certificate /srv/PKI/shared/ca.pem;
|
|
|
|
ssl_trusted_certificate /srv/PKI/shared/ca.pem;
|
|
|
|
ssl_verify_client optional;
|
|
|
|
|
2018-12-10 01:16:07 +00:00
|
|
|
root /srv/htdocs-frontend/;
|
|
|
|
|
|
|
|
error_page 401 /welcome.html;
|
|
|
|
error_page 403 404 /e404.html;
|
|
|
|
error_page 413 /e413.html;
|
|
|
|
error_page 500 502 504 /e500.html;
|
|
|
|
|
|
|
|
add_header Strict-Transport-Security max-age=31536000;
|
2019-01-19 11:15:47 +00:00
|
|
|
add_header X-Frame-Options deny;
|
|
|
|
add_header Content-Security-Policy "script-src 'unsafe-inline' 'self' 'unsafe-eval'; img-src 'self' data:; style-src 'unsafe-inline' 'self'; font-src 'self'; default-src 'self'";
|
|
|
|
add_header X-Xss-Protection "1; mode=block";
|
|
|
|
add_header X-Content-Type-Options nosniff;
|
|
|
|
add_header Referrer-Policy strict-origin;
|
2020-01-28 15:21:23 +00:00
|
|
|
add_header Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'";
|
2018-12-10 01:16:07 +00:00
|
|
|
|
|
|
|
location = / {
|
|
|
|
include fic-auth.conf;
|
|
|
|
}
|
2019-01-17 06:53:32 +00:00
|
|
|
location = /auth {
|
|
|
|
internal;
|
|
|
|
proxy_pass https://163.5.55.58/remote.php/webdav/;
|
|
|
|
proxy_pass_request_body off;
|
|
|
|
proxy_set_header Host "owncloud.srs.epita.fr";
|
|
|
|
proxy_set_header Content-Length "";
|
|
|
|
proxy_set_header X-Original-URI $request_uri;
|
|
|
|
}
|
2018-12-10 01:16:07 +00:00
|
|
|
location = /index.html {
|
|
|
|
include fic-auth.conf;
|
|
|
|
}
|
|
|
|
location = /welcome.html {
|
|
|
|
internal;
|
|
|
|
if ($http_accept ~ "^application/json") {
|
|
|
|
rewrite ^/(.*).html$ /$1.json;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
location = /e404.html {
|
|
|
|
internal;
|
|
|
|
if ($http_accept ~ "^application/json") {
|
|
|
|
rewrite ^/(.*).html$ /$1.json;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
location = /e413.html {
|
|
|
|
internal;
|
|
|
|
if ($http_accept ~ "^application/json") {
|
|
|
|
rewrite ^/(.*).html$ /$1.json;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
location = /e500.html {
|
|
|
|
internal;
|
|
|
|
if ($http_accept ~ "^application/json") {
|
|
|
|
rewrite ^/(.*).html$ /$1.json;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2024-09-03 13:26:23 +00:00
|
|
|
location ~ ^/([A-Z]|_/) {
|
2018-12-10 01:16:07 +00:00
|
|
|
include fic-auth.conf;
|
|
|
|
|
|
|
|
rewrite ^/.*$ /index.html;
|
|
|
|
}
|
|
|
|
|
|
|
|
location /edit {
|
|
|
|
include fic-auth.conf;
|
|
|
|
|
|
|
|
rewrite ^/.*$ /index.html;
|
|
|
|
}
|
2020-01-24 19:04:46 +00:00
|
|
|
location /issues {
|
|
|
|
include fic-auth.conf;
|
|
|
|
|
|
|
|
rewrite ^/.*$ /index.html;
|
|
|
|
}
|
2018-12-10 01:16:07 +00:00
|
|
|
location /rank {
|
|
|
|
include fic-auth.conf;
|
|
|
|
|
|
|
|
rewrite ^/.*$ /index.html;
|
|
|
|
}
|
|
|
|
location /tags/ {
|
|
|
|
include fic-auth.conf;
|
|
|
|
|
|
|
|
rewrite ^/.*$ /index.html;
|
|
|
|
}
|
|
|
|
location /register {
|
|
|
|
include fic-auth.conf;
|
|
|
|
|
|
|
|
rewrite ^/.*$ /index.html;
|
|
|
|
}
|
|
|
|
location /rules {
|
|
|
|
include fic-auth.conf;
|
|
|
|
|
|
|
|
rewrite ^/.*$ /index.html;
|
|
|
|
}
|
|
|
|
|
|
|
|
location /files/ {
|
|
|
|
alias /srv/FILES/;
|
|
|
|
sendfile on;
|
|
|
|
tcp_nodelay on;
|
2022-11-24 13:44:17 +00:00
|
|
|
gzip_static always;
|
2018-12-10 01:16:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
location /wait.json {
|
|
|
|
include fic-auth.conf;
|
|
|
|
|
|
|
|
root /srv/TEAMS/$team/;
|
|
|
|
expires epoch;
|
|
|
|
add_header Cache-Control no-cache;
|
|
|
|
}
|
|
|
|
location /stats.json {
|
|
|
|
root /srv/TEAMS/;
|
|
|
|
expires epoch;
|
|
|
|
add_header Cache-Control no-cache;
|
|
|
|
}
|
|
|
|
location /my.json {
|
|
|
|
include fic-auth.conf;
|
|
|
|
|
|
|
|
root /srv/TEAMS/$team/;
|
|
|
|
expires epoch;
|
|
|
|
add_header Cache-Control no-cache;
|
|
|
|
|
|
|
|
if (!-f /srv/startingblock/started) {
|
|
|
|
rewrite ^/.* /wait.json;
|
|
|
|
}
|
|
|
|
}
|
2020-01-23 15:03:31 +00:00
|
|
|
location /issues.json {
|
|
|
|
include fic-auth.conf;
|
|
|
|
|
|
|
|
root /srv/TEAMS/$team/;
|
|
|
|
expires epoch;
|
|
|
|
add_header Cache-Control no-cache;
|
|
|
|
}
|
2022-06-06 12:40:18 +00:00
|
|
|
location /scores.json {
|
|
|
|
include fic-auth.conf;
|
|
|
|
|
|
|
|
root /srv/TEAMS/$team/;
|
|
|
|
expires epoch;
|
|
|
|
add_header Cache-Control no-cache;
|
|
|
|
}
|
2018-12-10 01:16:07 +00:00
|
|
|
location = /events.json {
|
|
|
|
root /srv/TEAMS/;
|
|
|
|
expires epoch;
|
|
|
|
add_header Cache-Control no-cache;
|
|
|
|
}
|
|
|
|
location = /teams.json {
|
|
|
|
root /srv/TEAMS/;
|
|
|
|
expires epoch;
|
|
|
|
add_header Cache-Control no-cache;
|
|
|
|
}
|
|
|
|
location = /themes.json {
|
|
|
|
root /srv/TEAMS/;
|
|
|
|
expires epoch;
|
|
|
|
add_header Cache-Control no-cache;
|
|
|
|
}
|
2022-05-01 20:33:59 +00:00
|
|
|
location = /challenge.json {
|
|
|
|
root /srv/SETTINGSDIST/;
|
|
|
|
expires epoch;
|
|
|
|
add_header X-FIC-time $msec;
|
|
|
|
add_header Cache-Control no-cache;
|
|
|
|
}
|
2018-12-10 01:16:07 +00:00
|
|
|
location = /settings.json {
|
2020-01-23 12:06:39 +00:00
|
|
|
root /srv/SETTINGSDIST/;
|
2018-12-10 01:16:07 +00:00
|
|
|
expires epoch;
|
|
|
|
add_header X-FIC-time $msec;
|
|
|
|
add_header Cache-Control no-cache;
|
|
|
|
}
|
|
|
|
|
|
|
|
location /submit/ {
|
|
|
|
include fic-auth.conf;
|
|
|
|
|
2023-07-09 18:40:53 +00:00
|
|
|
proxy_pass http://receiver:8080/submission;
|
2018-12-10 01:16:07 +00:00
|
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
2021-02-05 15:57:23 +00:00
|
|
|
proxy_set_header X-FIC-Team $team;
|
2018-12-10 01:16:07 +00:00
|
|
|
proxy_redirect off;
|
|
|
|
}
|
2021-08-30 17:43:35 +00:00
|
|
|
location /issue {
|
2020-01-20 14:56:02 +00:00
|
|
|
include fic-auth.conf;
|
|
|
|
|
2023-07-09 18:40:53 +00:00
|
|
|
proxy_pass http://receiver:8080;
|
2020-01-20 14:56:02 +00:00
|
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
2021-02-05 15:57:23 +00:00
|
|
|
proxy_set_header X-FIC-Team $team;
|
2020-01-20 14:56:02 +00:00
|
|
|
proxy_redirect off;
|
|
|
|
}
|
2021-08-30 17:43:35 +00:00
|
|
|
location /chname {
|
2018-12-10 01:16:07 +00:00
|
|
|
include fic-auth.conf;
|
|
|
|
|
2023-07-09 18:40:53 +00:00
|
|
|
proxy_pass http://receiver:8080;
|
2018-12-10 01:16:07 +00:00
|
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
2021-02-05 15:57:23 +00:00
|
|
|
proxy_set_header X-FIC-Team $team;
|
2018-12-10 01:16:07 +00:00
|
|
|
proxy_redirect off;
|
|
|
|
}
|
|
|
|
location /registration {
|
|
|
|
include fic-auth.conf;
|
|
|
|
|
2023-07-09 18:40:53 +00:00
|
|
|
proxy_pass http://receiver:8080;
|
2018-12-10 01:16:07 +00:00
|
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
2021-02-05 15:57:23 +00:00
|
|
|
proxy_set_header X-FIC-Team $team;
|
2018-12-10 01:16:07 +00:00
|
|
|
proxy_redirect off;
|
|
|
|
}
|
2023-11-04 20:14:16 +00:00
|
|
|
location /reset_progress {
|
|
|
|
include fic-auth.conf;
|
|
|
|
|
|
|
|
proxy_pass http://receiver:8080;
|
|
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
|
|
proxy_set_header X-FIC-Team $team;
|
|
|
|
proxy_redirect off;
|
|
|
|
}
|
2018-12-10 01:16:07 +00:00
|
|
|
location /openhint/ {
|
|
|
|
include fic-auth.conf;
|
|
|
|
|
2023-07-09 18:40:53 +00:00
|
|
|
proxy_pass http://receiver:8080;
|
2018-12-10 01:16:07 +00:00
|
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
2021-02-05 15:57:23 +00:00
|
|
|
proxy_set_header X-FIC-Team $team;
|
2018-12-10 01:16:07 +00:00
|
|
|
proxy_redirect off;
|
|
|
|
}
|
|
|
|
location /wantchoices/ {
|
|
|
|
include fic-auth.conf;
|
|
|
|
|
2023-07-09 18:40:53 +00:00
|
|
|
proxy_pass http://receiver:8080;
|
2018-12-10 01:16:07 +00:00
|
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
2021-02-05 15:57:23 +00:00
|
|
|
proxy_set_header X-FIC-Team $team;
|
2018-12-10 01:16:07 +00:00
|
|
|
proxy_redirect off;
|
|
|
|
}
|
|
|
|
}
|