server_tokens off; proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g; proxy_connect_timeout 1s; server { listen 80 default; listen [::]:80 default; root /home/fic/frontend-htdocs/; error_page 401 /welcome.html; error_page 403 404 /e404.html; error_page 413 404 /e413.html; error_page 500 502 504 /e500.html; location = / { auth_pam "Secure Zone"; auth_pam_service_name "nginx-srs"; } location = /index.html { auth_pam "Secure Zone"; auth_pam_service_name "nginx-srs"; } location ~ ^/[0-9] { rewrite ^/.*$ /index.html; } location /edit { rewrite ^/.*$ /index.html; } location /rank { rewrite ^/.*$ /index.html; } location /files/ { alias /home/fic/FILES/; tcp_nodelay on; } location /wait.json { auth_pam "Secure Zone"; auth_pam_service_name "nginx-srs"; include /etc/nginx/auth.conf; root /home/fic/TEAMS/$team/; expires epoch; add_header Cache-Control no-cache; } location /public.json { root /home/fic/TEAMS/; expires epoch; add_header Cache-Control no-cache; } location /stats.json { root /home/fic/TEAMS/; expires epoch; add_header Cache-Control no-cache; } location /my.json { auth_pam "Secure Zone"; auth_pam_service_name "nginx-srs"; include /etc/nginx/auth.conf; root /home/fic/TEAMS/$team/; expires epoch; add_header Cache-Control no-cache; if (!-f $document_root/../started) { rewrite ^/ /wait.json; } } location /teams.json { root /home/fic/TEAMS/; expires epoch; add_header Cache-Control no-cache; } location /themes.json { root /home/fic/TEAMS/; expires epoch; add_header Cache-Control no-cache; } location /api/ { auth_pam "Secure Zone"; auth_pam_service_name "nginx-srs"; if ($remote_user !~ "^nemunaire|bombal_s$") { return 403; } proxy_pass http://localhost:8081/admin/api/; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host localhost; proxy_redirect off; } location /admin/ { auth_pam "Secure Zone"; auth_pam_service_name "nginx-srs"; if ($remote_user !~ "^nemunaire|bombal_s$") { return 403; } proxy_pass http://localhost:8081; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host localhost; proxy_redirect off; } location /submit/ { auth_pam "Secure Zone"; auth_pam_service_name "nginx-srs"; include /etc/nginx/auth.conf; rewrite ^/submit/(.*)$ /submission/$team/$1 break; proxy_pass http://localhost:8080/; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host localhost; proxy_redirect off; } location /submit/name { auth_pam "Secure Zone"; auth_pam_service_name "nginx-srs"; include /etc/nginx/auth.conf; rewrite ^/submit/.*$ /chname/$team break; proxy_pass http://localhost:8080/; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host localhost; proxy_redirect off; } location /openhint/ { auth_pam "Secure Zone"; auth_pam_service_name "nginx-srs"; include /etc/nginx/auth.conf; rewrite ^/openhint/(.*)$ /openhint/$team/$1 break; proxy_pass http://localhost:8080/; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host localhost; proxy_redirect off; } location = /time.json { proxy_pass http://localhost:8080/time.json; proxy_method GET; proxy_pass_request_body off; proxy_set_header Content-Length ""; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host localhost; proxy_redirect off; proxy_cache STATIC; proxy_cache_valid 1s; } location = /events.json { proxy_pass http://localhost:8081/api/events; proxy_method GET; proxy_pass_request_body off; proxy_set_header Content-Length ""; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host localhost; proxy_redirect off; proxy_cache STATIC; proxy_cache_valid 3s; } }