server { listen 80; server_name _; gzip_min_length 1000; gzip_buffers 4 8k; gzip_http_version 1.0; gzip_disable "msie6"; gzip_types text/plain text/css application/json; gzip_vary on; index index.html; server_tokens off; client_max_body_size 12288m; client_body_timeout 1800; # sub instances include "/opt/wapt/conf/wapt.d/*.conf"; location /static { alias "/opt/wapt/waptserver/static"; } location /ssl { alias "/var/www/html/ssl"; } # not protected URL location ~ ^/(wapt/waptsetup.*.exe|wapt/waptagent/.*|wapt/waptagent.exe|wapt/waptdeploy.exe|sync.json|rules.json|licences.json)$ { add_header Cache-Control "store, no-cache, must-revalidate, post-check=0, pre-check=0"; add_header Pragma "no-cache"; root "/var/www/html"; } # not protected URL location /wads { alias "/var/www/html/wads"; } # SSL protected URL location ~ ^/(wapt/.*|waptwua/.*|wapt-diff-repos/.*)$ { add_header Cache-Control "store, no-cache, must-revalidate, post-check=0, pre-check=0"; add_header Pragma "no-cache"; # be sure these headers are not forwarded proxy_set_header X-Ssl-Client-Dn ""; proxy_set_header X-Ssl-Authenticated ""; root "/var/www/html"; } # we don't want to expose our list of computers in case someone scan this folder. location /wapt-host/Packages { return 403; } location ~ ^/(wapt-host/.*)$ { log_not_found off; add_header Cache-Control "store, no-cache, must-revalidate, post-check=0, pre-check=0"; add_header Pragma "no-cache"; # be sure these headers are not forwarded proxy_set_header X-Ssl-Client-Dn ""; proxy_set_header X-Ssl-Authenticated ""; root "/var/www/html"; } location ~ ^/.*_kerberos$ { return 403; } location / { add_header X-Remote-IP $remote_addr; proxy_http_version 1.1; proxy_request_buffering off; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:8080; } location /socket.io { proxy_http_version 1.1; proxy_request_buffering off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_pass http://127.0.0.1:8080/socket.io; } }