# This configuration works with the S2I image defined in https://github.com/BCDevOps/s2i-nginx # Allows non-standard headers like SMGOV_USERGUID ignore_invalid_headers off; proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=my_cache:10m max_size=10g inactive=60m use_temp_path=off; server { listen 8080; server_name _; gzip on; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js; gzip_comp_level 6; gzip_proxied any; gzip_vary on; client_max_body_size 12M; # default path location / { proxy_pass http://edivorce-django:8080; proxy_pass_request_headers on; proxy_cookie_domain ~(?P(justice.gov.bc.ca))$ "$domain; Secure"; # remove directories from incoming requests; rewrite ^/divorce$ / last; rewrite ^/divorce(.*)$ $1 last; } # block all external access to the anonymous Redis image handler used for image to PDF conversion in Weasyprint # e.g. /divorce/api/documents/a8eeb280-f063-47d4-ab01-919319d61866_smtp_png/0/ location ~* "^/divorce\/api\/documents\/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}_\w+\/\d+" { return 403; } # static (no rewrite and add caching) location /divorce/static/ { expires 365d; add_header Cache-Control "public"; proxy_cache my_cache; proxy_cache_revalidate on; proxy_cache_min_uses 3; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; proxy_cache_lock on; proxy_pass http://edivorce-django:8080; proxy_pass_request_headers on; proxy_cookie_domain ~(?P(justice.gov.bc.ca))$ "$domain; Secure"; } # For status of ngnix service location /nginx_status { # Enable Nginx stats stub_status on; # No need to log this request, its just noise access_log off; } }