# map $request_uri $auth_result { # default ""; # ~^/api/ /auth_result; # } # log_format auth_request_log '$remote_addr - $remote_user [$time_local] ' # '"$request" $status $body_bytes_sent ' # '"$http_referer" "$http_user_agent" ' # '$auth_result'; server { listen ${LISTEN_ADDR}:${PORT} default_server; large_client_header_buffers 4 16k; root ${INSTALL_DIR}/front; index index.php; add_header X-Forwarded-Prefix "/app" always; proxy_set_header X-Forwarded-Prefix "/app"; # # Authentication endpoint # location = /auth { # internal; # proxy_pass http://127.0.0.1/php/templates/auth.php; # proxy_set_header Content-Length ""; # proxy_pass_request_body off; # } # # Whitelisting IP addresses and CORS for /api/ # location /api/ { # auth_request /auth; # access_log /var/log/nginx/auth_request.log auth_request_log; # # Enable CORS for specific frontend domain # add_header 'Access-Control-Allow-Origin' 'http://192.168.1.82:20211' always; # add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; # add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type' always; # add_header 'Access-Control-Allow-Credentials' 'true' always; # if ($request_method = 'OPTIONS') { # return 204; # } # error_page 401 = @unauthorized; # # Other headers and configurations # try_files $uri $uri/ =404; # } # location @unauthorized { # return 401; # } location ~* \.php$ { # Set Cache-Control header to prevent caching on the first load add_header Cache-Control "no-store"; fastcgi_pass unix:/run/php/php8.3-fpm.sock; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_connect_timeout 75; fastcgi_send_timeout 600; fastcgi_read_timeout 600; } }