Created
May 21, 2025 12:54
-
-
Save neomantra/6f87bbc719232dd4c50d24fb74398def to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| events { | |
| worker_connections 4096; ## Default: 1024 | |
| } | |
| http { | |
| # DEBUG: | |
| map $uri $proxy_uri_base { | |
| "~/crypto-proxy/(?<proxy_base>[^/]*)" $proxy_base; | |
| default $uri; | |
| } | |
| resolver 8.8.8.8; # may or may not be necessary. | |
| error_log /var/log/nginx/error.log debug; | |
| server { | |
| listen 80; | |
| listen 443 default_server ssl; | |
| server_name proxy-test.neomantra.com; | |
| # https://stackoverflow.com/questions/38375588/nginx-reverse-proxy-to-heroku-fails-ssl-handshake | |
| proxy_ssl_server_name on; | |
| ssl_certificate /etc/nginx/ssl/cert.pem; | |
| ssl_certificate_key /etc/nginx/ssl/privkey.pem; | |
| location ~ /crypto-proxy/(?<proxy_dest>.*)$ { | |
| set $accept_origin 0; | |
| if ($http_origin ~* '^https?:\/\/(localhost:[0-9]+|viz-test\.neomantra\.com|viz\.neomantra\.com)') { | |
| set $accept_origin 1; | |
| } | |
| if ($accept_origin = 0) { | |
| return 403; | |
| } | |
| if ($request_method = 'OPTIONS') { | |
| add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE'; | |
| add_header Access-Control-Allow-Origin $http_origin; | |
| # | |
| # Custom headers and headers various browsers *should* be OK with but aren't | |
| # | |
| add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-GEMINI-SIGNATURE,X-GEMINI-PAYLOAD,X-GEMINI-APIKEY,cb-access-key,cb-access-timestamp,cb-version,cb-access-sign,CB-ACCESS-PASSPHRASE'; | |
| # | |
| # Tell client that this pre-flight info is valid for 20 days | |
| # | |
| add_header 'Access-Control-Max-Age' 1728000; | |
| add_header 'Content-Type' 'text/plain; charset=utf-8'; | |
| add_header 'Content-Length' 0; | |
| return 204; | |
| } | |
| if ($request_method = 'POST') { | |
| add_header 'Access-Control-Allow-Origin' ''; | |
| add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE'; | |
| add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-GEMINI-SIGNATURE,X-GEMINI-PAYLOAD,X-GEMINI-APIKEY,cb-access-key,cb-access-timestamp,cb-version,cb-access-sign,CB-ACCESS-PASSPHRASE'; | |
| add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; | |
| } | |
| if ($request_method = 'GET') { | |
| add_header 'Access-Control-Allow-Origin' ''; | |
| # add_header Access-Control-Allow-Origin $http_origin; | |
| add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE'; | |
| add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-GEMINI-SIGNATURE,X-GEMINI-PAYLOAD,X-GEMINI-APIKEY,cb-access-key,cb-access-timestamp,cb-version,cb-access-sign,CB-ACCESS-PASSPHRASE'; | |
| add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; | |
| } | |
| if ($request_method = 'DELETE') { | |
| add_header 'Access-Control-Allow-Origin' ''; | |
| # add_header Access-Control-Allow-Origin $http_origin; | |
| add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE'; | |
| add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-GEMINI-SIGNATURE,X-GEMINI-PAYLOAD,X-GEMINI-APIKEY,cb-access-key,cb-access-timestamp,cb-version,cb-access-sign,CB-ACCESS-PASSPHRASE'; | |
| add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; | |
| } | |
| proxy_pass https://$proxy_dest$is_args$args; | |
| proxy_intercept_errors on; | |
| error_page 301 302 307 = @handle_redirect; | |
| } | |
| location @handle_redirect { | |
| add_header Access-Control-Allow-Origin $http_origin; | |
| add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE'; | |
| add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-GEMINI-SIGNATURE,X-GEMINI-PAYLOAD,X-GEMINI-APIKEY,cb-access-key,cb-access-timestamp,cb-version,cb-access-sign,CB-ACCESS-PASSPHRASE'; | |
| add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; | |
| set $saved_redirect_location '$upstream_http_location'; | |
| proxy_pass $scheme://$proxy_uri_base$saved_redirect_location; | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment