user www-data; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; error_log /var/log/nginx/error.log; include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; # multi_accept on; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; client_max_body_size 200M; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; # add_header X-Frame-Options sameorigin always; # add_header X-Frame-Options SAMEORIGIN always; add_header X-Frame-Options DENY; include /etc/nginx/mime.types; default_type application/octet-stream; ssl_protocols TLSv1.3 TLSv1.2; ssl_prefer_server_ciphers on; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; include /etc/nginx/conf.d/*.conf; server { listen 80; server_name addie.ornl.gov; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always; add_header X-Frame-Options DENY; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always; add_header X-Frame-Options "SAMEORIGIN"; return 301 https://addie.ornl.gov$request_uri; } map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen 443 ssl; server_name addie.ornl.gov; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always; add_header X-Frame-Options DENY; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always; add_header X-Frame-Options "SAMEORIGIN"; return 301 https://addie.ornl.gov$request_uri; } map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen 443 ssl; server_name addie.ornl.gov; root /usr/share/nginx/html; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always; # add_header X-Frame-Options SAMEORIGIN always; # add_header X-Frame-Options sameorigin always; add_header X-Frame-Options "DENY"; ssl_certificate "/home/cloud/packages/addie/certs/addie.pem"; ssl_certificate_key "/home/cloud/packages/addie/certs/addie.key"; location / { proxy_pass http://localhost:5000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass_request_headers on; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always; add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate" always; add_header Pragma "no-cache" always; add_header Expires "0" always; add_header X-Frame-Options "SAMEORIGIN"; add_header X-Frame-Options "DENY" always; proxy_set_header X-Frame-Options "SAMEORIGIN"; # include uwsgi_params; # uwsgi_pass unix:/home/cloud/dev/tsitc/pdfitc.sock; } error_page 404 /404.html; location = /404.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } server { listen 80; server_name slash.ornl.gov; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always; add_header X-Frame-Options DENY; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always; add_header X-Frame-Options "SAMEORIGIN"; return 301 https://slash.ornl.gov$request_uri; } map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen 443 ssl; server_name slash.ornl.gov; root /usr/share/nginx/html; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always; # add_header X-Frame-Options SAMEORIGIN always; # add_header X-Frame-Options sameorigin always; add_header X-Frame-Options "DENY"; ssl_certificate "/home/cloud/packages/slash/slash.pem"; ssl_certificate_key "/home/cloud/packages/slash/slash.key"; location / { proxy_pass http://localhost:5231; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass_request_headers on; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always; add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate" always; add_header Pragma "no-cache" always; add_header Expires "0" always; add_header X-Frame-Options "SAMEORIGIN"; add_header X-Frame-Options "DENY" always; proxy_set_header X-Frame-Options "SAMEORIGIN"; # include uwsgi_params; # uwsgi_pass unix:/home/cloud/dev/tsitc/pdfitc.sock; } error_page 404 /404.html; location = /404.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } server { listen 80; server_name tmapper.ornl.gov; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always; add_header X-Frame-Options DENY; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always; add_header X-Frame-Options "SAMEORIGIN"; return 301 https://tmapper.ornl.gov$request_uri; } map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen 443 ssl; server_name tmapper.ornl.gov; root /usr/share/nginx/html; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always; # add_header X-Frame-Options SAMEORIGIN always; # add_header X-Frame-Options sameorigin always; add_header X-Frame-Options "DENY"; ssl_certificate "/home/cloud/packages/teammapper/tmapper.pem"; ssl_certificate_key "/home/cloud/packages/teammapper/tmapper.key"; location / { proxy_pass http://localhost:8089; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass_request_headers on; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always; add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate" always; add_header Pragma "no-cache" always; add_header Expires "0" always; add_header X-Frame-Options "SAMEORIGIN"; add_header X-Frame-Options "DENY" always; proxy_set_header X-Frame-Options "SAMEORIGIN"; # include uwsgi_params; # uwsgi_pass unix:/home/cloud/dev/tsitc/pdfitc.sock; } error_page 404 /404.html; location = /404.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } server { listen 80; server_name rally.ornl.gov; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always; add_header X-Frame-Options DENY; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always; add_header X-Frame-Options "SAMEORIGIN"; return 301 https://rally.ornl.gov$request_uri; } map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen 443 ssl; server_name rally.ornl.gov; root /usr/share/nginx/html; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always; # add_header X-Frame-Options SAMEORIGIN always; # add_header X-Frame-Options sameorigin always; add_header X-Frame-Options "DENY"; ssl_certificate "/home/cloud/packages/rallly-selfhosted/rally.pem"; ssl_certificate_key "/home/cloud/packages/rallly-selfhosted/rally.key"; location / { proxy_pass http://localhost:3000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass_request_headers on; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always; add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate" always; add_header Pragma "no-cache" always; add_header Expires "0" always; add_header X-Frame-Options "SAMEORIGIN"; add_header X-Frame-Options "DENY" always; proxy_set_header X-Frame-Options "SAMEORIGIN"; # include uwsgi_params; # uwsgi_pass unix:/home/cloud/dev/tsitc/pdfitc.sock; } error_page 404 /404.html; location = /404.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } server { listen 80; server_name addie-dev.ornl.gov; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always; add_header X-Frame-Options DENY; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always; add_header X-Frame-Options "SAMEORIGIN"; return 301 https://addie-dev.ornl.gov$request_uri; } map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen 443 ssl; server_name addie-dev.ornl.gov; root /usr/share/nginx/html; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always; # add_header X-Frame-Options SAMEORIGIN always; # add_header X-Frame-Options sameorigin always; add_header X-Frame-Options "DENY"; ssl_certificate "/home/cloud/packages/addie/certs_dev/addie.pem"; ssl_certificate_key "/home/cloud/packages/addie/certs_dev/addie.key"; location / { proxy_pass http://localhost:6000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass_request_headers on; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always; add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate" always; add_header Pragma "no-cache" always; add_header Expires "0" always; add_header X-Frame-Options "SAMEORIGIN"; add_header X-Frame-Options "DENY" always; proxy_set_header X-Frame-Options "SAMEORIGIN"; # include uwsgi_params; # uwsgi_pass unix:/home/cloud/dev/tsitc/pdfitc.sock; } error_page 404 /404.html; location = /404.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } }