portal-nginx.conf 1.64 KB
Newer Older
1 2 3
server {
  listen __PORT__;
  server_name auth.__DNSDOMAIN__;
4
  root __PORTALSITEDIR__;
5

6 7 8 9 10
  if ($uri !~ ^/((static|javascript|favicon).*|.*\.psgi)) {
    rewrite ^/(.*)$ /index.psgi/$1 break;
  }

  location ~ \.psgi(?:$|/) {
Xavier Guimard's avatar
Xavier Guimard committed
11
    # Note that Content-Security-Policy header is generated by portal itself
12
    include /etc/nginx/fastcgi_params;
Xavier Guimard's avatar
Xavier Guimard committed
13
    fastcgi_pass unix:__FASTCGISOCKDIR__/llng-fastcgi.sock;
14
    fastcgi_param LLTYPE psgi;
15
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
Xavier Guimard's avatar
Xavier Guimard committed
16
    fastcgi_split_path_info ^(.*\.psgi)(/.*)$;
17
    fastcgi_param PATH_INFO  $fastcgi_path_info;
Xavier Guimard's avatar
Xavier Guimard committed
18 19 20 21 22 23
    # Uncomment this if you use Auth SSL:
    #map $ssl_client_s_dn  $ssl_client_s_dn_cn {
    #  default           "";
    #  ~/CN=(?<CN>[^/]+) $CN;
    #}
    #fastcgi_param  SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn
24 25
  }

26
  index index.psgi;
27
  location / {
28 29 30 31
    try_files $uri $uri/ =404;

    # Uncomment this if you use https only
    #add_header Strict-Transport-Security "15768000";
32
  }
33

34 35 36 37
  location /static/ {
    alias __PORTALSTATICDIR__;
  }

Xavier Guimard's avatar
Xavier Guimard committed
38 39 40 41 42 43
  # SOAP functions for sessions management (disabled by default)
  location /index/adminSessions {
    deny all;
  }

  # SOAP functions for sessions access (disabled by default)
44
  location /index.psgi/sessions {
Xavier Guimard's avatar
Xavier Guimard committed
45 46 47 48
    deny all;
  }

  # SOAP functions for configuration access (disabled by default)
49
  location /index.psgi/config {
Xavier Guimard's avatar
Xavier Guimard committed
50 51 52 53
    deny all;
  }

  # SOAP functions for notification insertion (disabled by default)
54
  location /index.psgi/notification {
Xavier Guimard's avatar
Xavier Guimard committed
55 56
    deny all;
  }
57

58 59 60 61 62
  # DEBIAN
  # If install was made with USEDEBIANLIBS (official releases), uncomment this
  #location /javascript/ {
  #  alias /usr/share/javascript/;
  #}
63
}