nginx.conf

# Example config: https://github.com/h5bp/server-configs-nginx/

# Sets the worker threads to the number of CPU cores available in the system for
# best performance. Should be > the number of CPU cores.
# Maximum number of connections = worker_processes * worker_connections
# https://nginx.org/en/docs/ngx_core_module.html#worker_processes
worker_processes  auto;

# Provides the configuration file context in which the directives that affect
# connection processing are specified.
# https://nginx.org/en/docs/ngx_core_module.html#events
events {
    worker_connections  1024;
}

http {
    # don't send the nginx version number in error pages and Server header
    server_tokens off;

    # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
    # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for
    # this particular website if it was disabled by the user.
    # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
    add_header X-XSS-Protection "1; mode=block";


    # Timeout for reading the request body
    client_body_timeout 10;
    # Timeout for reading the request headers
    #client_header_timeout 10;
    # Timeout for sending a response to the client
    send_timeout 10;


    client_max_body_size 16M;

    server {
        listen      80;
        listen [::]:80;
        server_name ipts.innopolis.university localhost;

        access_log  http.access.log;
        error_log   http.error.log;


        location /api/v1 {
            proxy_pass http://backend:7507;
            location /api/v1/file/ {
                add_header X-Content-Type-Options nosniff;
                # A hack, but we force-convert everything to WebP, so should be fine
                add_header Content-Type image/webp;
                limit_except GET {}
                alias /www/media/;
            }
        }

        location ~ ^/(login|authorize|logout) {
            proxy_set_header Host $server_name;
            proxy_set_header X-Forwarded-Proto "https";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://backend:7507;
        }

        location / {
            proxy_pass http://frontend:3000/;
        }
    }
}