176 lines
4.5 KiB
Plaintext
176 lines
4.5 KiB
Plaintext
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g;
|
|
proxy_connect_timeout 1s;
|
|
|
|
server {
|
|
listen 80 default;
|
|
|
|
rewrite ^ https://$server_name$request_uri permanent;
|
|
}
|
|
|
|
server {
|
|
listen 443 default ssl http2;
|
|
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_dhparam /etc/nginx/ssl/dhparams-4096.pem;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
ssl_certificate /etc/nginx/ssl/fullchain.pem;
|
|
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
|
|
|
|
ssl_client_certificate /srv/PKI/shared/ca.pem;
|
|
ssl_trusted_certificate /srv/PKI/shared/ca.pem;
|
|
ssl_verify_client optional;
|
|
|
|
root /srv/htdocs-frontend/;
|
|
|
|
error_page 401 /welcome.html;
|
|
error_page 403 404 /e404.html;
|
|
error_page 413 /e413.html;
|
|
error_page 500 502 504 /e500.html;
|
|
|
|
add_header Strict-Transport-Security max-age=31536000;
|
|
|
|
location = / {
|
|
include fic-auth.conf;
|
|
}
|
|
location = /index.html {
|
|
include fic-auth.conf;
|
|
}
|
|
location ~ ^/public[0-9].html {
|
|
rewrite ^ /public.html;
|
|
}
|
|
location = /welcome.html {
|
|
internal;
|
|
}
|
|
location = /e404.html {
|
|
internal;
|
|
}
|
|
location = /e413.html {
|
|
internal;
|
|
}
|
|
location = /e500.html {
|
|
internal;
|
|
}
|
|
|
|
location ~ ^/[A-Z] {
|
|
include fic-auth.conf;
|
|
|
|
rewrite ^/.*$ /index.html;
|
|
}
|
|
|
|
location /edit {
|
|
include fic-auth.conf;
|
|
|
|
rewrite ^/.*$ /index.html;
|
|
}
|
|
location /rank {
|
|
include fic-auth.conf;
|
|
|
|
rewrite ^/.*$ /index.html;
|
|
}
|
|
location /register {
|
|
include fic-auth.conf;
|
|
|
|
rewrite ^/.*$ /index.html;
|
|
}
|
|
location /rules {
|
|
include fic-auth.conf;
|
|
|
|
rewrite ^/.*$ /index.html;
|
|
}
|
|
|
|
location /files/ {
|
|
alias /srv/FILES/;
|
|
sendfile on;
|
|
tcp_nodelay on;
|
|
}
|
|
|
|
location /wait.json {
|
|
include fic-auth.conf;
|
|
|
|
root /srv/TEAMS/$team/;
|
|
expires epoch;
|
|
add_header Cache-Control no-cache;
|
|
}
|
|
location ~ /public[0-9].json {
|
|
root /srv/TEAMS/public/;
|
|
expires epoch;
|
|
add_header Cache-Control no-cache;
|
|
}
|
|
location /stats.json {
|
|
root /srv/TEAMS/;
|
|
expires epoch;
|
|
add_header Cache-Control no-cache;
|
|
}
|
|
location /my.json {
|
|
include fic-auth.conf;
|
|
|
|
root /srv/TEAMS/$team/;
|
|
expires epoch;
|
|
add_header Cache-Control no-cache;
|
|
|
|
if (!-f /srv/startingblock/started) {
|
|
rewrite ^/.* /wait.json;
|
|
}
|
|
}
|
|
location = /events.json {
|
|
root /srv/TEAMS/;
|
|
expires epoch;
|
|
add_header Cache-Control no-cache;
|
|
}
|
|
location = /teams.json {
|
|
root /srv/TEAMS/;
|
|
expires epoch;
|
|
add_header Cache-Control no-cache;
|
|
}
|
|
location = /themes.json {
|
|
root /srv/TEAMS/;
|
|
expires epoch;
|
|
add_header Cache-Control no-cache;
|
|
}
|
|
location = /settings.json {
|
|
root /srv/SETTINGS/;
|
|
expires epoch;
|
|
add_header Cache-Control no-cache;
|
|
}
|
|
|
|
location /submit/ {
|
|
include fic-auth.conf;
|
|
|
|
rewrite ^/submit/(.*)$ /submission/$team/$1 break;
|
|
|
|
proxy_pass http://frontend:8080/;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_redirect off;
|
|
}
|
|
location /submit/name {
|
|
include fic-auth.conf;
|
|
|
|
rewrite ^/submit/.*$ /chname/$team break;
|
|
|
|
proxy_pass http://frontend:8080/;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_redirect off;
|
|
}
|
|
location /openhint/ {
|
|
include fic-auth.conf;
|
|
|
|
rewrite ^/openhint/(.*)$ /openhint/$team/$1 break;
|
|
|
|
proxy_pass http://frontend:8080/;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_redirect off;
|
|
}
|
|
|
|
location = /time.json {
|
|
proxy_pass http://frontend:8080/time.json;
|
|
proxy_method GET;
|
|
proxy_pass_request_body off;
|
|
proxy_set_header Content-Length "";
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_redirect off;
|
|
proxy_cache STATIC;
|
|
proxy_cache_valid 1s;
|
|
}
|
|
}
|