server { listen 80 default; listen [::]:80 default; rewrite ^ https://$server_name$request_uri permanent; } server { listen 443 default ssl http2; listen [::]:443 default ssl http2; ssl_protocols TLSv1.2 TLSv1.3; #ssl_dhparam ; ssl_prefer_server_ciphers on; ssl_certificate /etc/nginx/ssl/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/privkey.pem; ssl_trusted_certificate /srv/PKI/cacert.pem; ssl_verify_client optional; ssl_crl /srv/PKI/crl.pem; root /srv/htdocs-frontend/; error_page 401 /welcome.html; error_page 403 404 /e404.html; error_page 413 /e413.html; error_page 500 502 504 /e500.html; add_header Strict-Transport-Security max-age=31536000; location = / { include fic-auth.conf; } location = /index.html { include fic-auth.conf; } location ~ ^/public[0-9].html { rewrite ^ /public.html; } location = /welcome.html { internal; } location = /e404.html { internal; } location = /e413.html { internal; } location = /e500.html { internal; } location ~ ^/[0-9] { include fic-auth.conf; rewrite ^/.*$ /index.html; } location /edit { include fic-auth.conf; rewrite ^/.*$ /index.html; } location /rank { include fic-auth.conf; rewrite ^/.*$ /index.html; } location /register { include fic-auth.conf; rewrite ^/.*$ /index.html; } location /rules { include fic-auth.conf; rewrite ^/.*$ /index.html; } location /files/ { alias /srv/FILES/; sendfile on; tcp_nodelay on; } location /wait.json { include fic-auth.conf; root /srv/TEAMS/$team/; expires epoch; add_header Cache-Control no-cache; } location /public.json { root /srv/TEAMS/; expires epoch; add_header Cache-Control no-cache; } location /stats.json { root /srv/TEAMS/; expires epoch; add_header Cache-Control no-cache; } location /my.json { include fic-auth.conf; root /srv/TEAMS/$team/; expires epoch; add_header Cache-Control no-cache; if (!-f $document_root/../SETTINGS/started) { rewrite ^/.* /wait.json; } } location = /events.json { root /srv/TEAMS/; expires epoch; add_header Cache-Control no-cache; } location = /teams.json { root /srv/TEAMS/; expires epoch; add_header Cache-Control no-cache; } location = /themes.json { root /srv/TEAMS/; expires epoch; add_header Cache-Control no-cache; } location /submit/ { include fic-auth.conf; rewrite ^/submit/(.*)$ /submission/$team/$1 break; proxy_pass http://frontend:8080/; proxy_set_header X-Forwarded-For $remote_addr; proxy_redirect off; } location /submit/name { include fic-auth.conf; rewrite ^/submit/.*$ /chname/$team break; proxy_pass http://frontend:8080/; proxy_set_header X-Forwarded-For $remote_addr; proxy_redirect off; } location /openhint/ { include fic-auth.conf; rewrite ^/openhint/(.*)$ /openhint/$team/$1 break; proxy_pass http://frontend:8080/; proxy_set_header X-Forwarded-For $remote_addr; proxy_redirect off; } location = /time.json { proxy_pass http://frontend:8080/time.json; proxy_method GET; proxy_pass_request_body off; proxy_set_header Content-Length ""; proxy_set_header X-Forwarded-For $remote_addr; proxy_redirect off; proxy_cache STATIC; proxy_cache_valid 1s; } }