Revision of ADDIE Nginx Configuration

1

+

user www-data;

2

+

worker_processes auto;

3

+

pid /run/nginx.pid;

4

+

include /etc/nginx/modules-enabled/*.conf;

5

+

error_log /var/log/nginx/error.log;

6

+

7

+

include /usr/share/nginx/modules/*.conf;

8

+

9

+

events {

10

+

worker_connections 1024;

11

+

# multi_accept on;

12

+

}

13

+

14

+

http {

15

+

log_format main '$remote_addr - $remote_user [$time_local] "$request" '

16

+

'$status $body_bytes_sent "$http_referer" '

17

+

'"$http_user_agent" "$http_x_forwarded_for"';

18

+

19

+

client_max_body_size 200M;

20

+

sendfile on;

21

+

tcp_nopush on;

22

+

tcp_nodelay on;

23

+

keepalive_timeout 65;

24

+

types_hash_max_size 2048;

25

+

26

+

# add_header X-Frame-Options sameorigin always;

27

+

# add_header X-Frame-Options SAMEORIGIN always;

28

+

add_header X-Frame-Options DENY;

29

+

30

+

include /etc/nginx/mime.types;

31

+

default_type application/octet-stream;

32

+

33

+

ssl_protocols TLSv1.3 TLSv1.2;

34

+

ssl_prefer_server_ciphers on;

35

+

36

+

access_log /var/log/nginx/access.log;

37

+

error_log /var/log/nginx/error.log;

38

+

39

+

include /etc/nginx/conf.d/*.conf;

40

+

41

+

server {

42

+

listen 80;

43

+

server_name addie.ornl.gov;

44

+

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;

45

+

add_header X-Frame-Options DENY;

46

+

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;

47

+

add_header X-Frame-Options "SAMEORIGIN";

48

+

return 301 https://addie.ornl.gov$request_uri;

49

+

}

50

+

51

+

map $http_upgrade $connection_upgrade {

52

+

default upgrade;

53

+

'' close;

54

+

}

55

+

56

+

server {

57

+

listen 443 ssl;

58

+

server_name addie.ornl.gov;

59

+

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;

60

+

add_header X-Frame-Options DENY;

61

+

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;

62

+

add_header X-Frame-Options "SAMEORIGIN";

63

+

return 301 https://addie.ornl.gov$request_uri;

64

+

}

65

+

66

+

map $http_upgrade $connection_upgrade {

67

+

default upgrade;

68

+

'' close;

69

+

}

70

+

71

+

server {

72

+

listen 443 ssl;

73

+

server_name addie.ornl.gov;

74

+

root /usr/share/nginx/html;

75

+

76

+

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;

77

+

# add_header X-Frame-Options SAMEORIGIN always;

78

+

# add_header X-Frame-Options sameorigin always;

79

+

add_header X-Frame-Options "DENY";

80

+

81

+

ssl_certificate "/home/cloud/packages/addie/certs/addie.pem";

82

+

ssl_certificate_key "/home/cloud/packages/addie/certs/addie.key";

83

+

84

+

location / {

85

+

proxy_pass http://localhost:5000;

86

+

proxy_set_header Host $host;

87

+

proxy_set_header X-Real-IP $remote_addr;

88

+

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

89

+

proxy_set_header X-Forwarded-Proto $scheme;

90

+

proxy_pass_request_headers on;

91

+

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;

92

+

add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate" always;

93

+

add_header Pragma "no-cache" always;

94

+

add_header Expires "0" always;

95

+

add_header X-Frame-Options "SAMEORIGIN";

96

+

add_header X-Frame-Options "DENY" always;

97

+

proxy_set_header X-Frame-Options "SAMEORIGIN";

98

+

# include uwsgi_params;

99

+

# uwsgi_pass unix:/home/cloud/dev/tsitc/pdfitc.sock;

100

+

}

101

+

102

+

error_page 404 /404.html;

103

+

location = /404.html {

104

+

}

105

+

106

+

error_page 500 502 503 504 /50x.html;

107

+

location = /50x.html {

108

+

}

109

+

}

110

+

111

+

server {

112

+

listen 80;

113

+

server_name slash.ornl.gov;

114

+

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;

115

+

add_header X-Frame-Options DENY;

116

+

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;

117

+

add_header X-Frame-Options "SAMEORIGIN";

118

+

return 301 https://slash.ornl.gov$request_uri;

119

+

}

120

+

121

+

map $http_upgrade $connection_upgrade {

122

+

default upgrade;

123

+

'' close;

124

+

}

125

+

126

+

server {

127

+

listen 443 ssl;

128

+

server_name slash.ornl.gov;

129

+

root /usr/share/nginx/html;

130

+

131

+

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;

132

+

# add_header X-Frame-Options SAMEORIGIN always;

133

+

# add_header X-Frame-Options sameorigin always;

134

+

add_header X-Frame-Options "DENY";

135

+

136

+

ssl_certificate "/home/cloud/packages/slash/slash.pem";

137

+

ssl_certificate_key "/home/cloud/packages/slash/slash.key";

138

+

139

+

location / {

140

+

proxy_pass http://localhost:5231;

141

+

proxy_set_header Host $host;

142

+

proxy_set_header X-Real-IP $remote_addr;

143

+

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

144

+

proxy_set_header X-Forwarded-Proto $scheme;

145

+

proxy_pass_request_headers on;

146

+

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;

147

+

add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate" always;

148

+

add_header Pragma "no-cache" always;

149

+

add_header Expires "0" always;

150

+

add_header X-Frame-Options "SAMEORIGIN";

151

+

add_header X-Frame-Options "DENY" always;

152

+

proxy_set_header X-Frame-Options "SAMEORIGIN";

153

+

# include uwsgi_params;

154

+

# uwsgi_pass unix:/home/cloud/dev/tsitc/pdfitc.sock;

155

+

}

156

+

157

+

error_page 404 /404.html;

158

+

location = /404.html {

159

+

}

160

+

161

+

error_page 500 502 503 504 /50x.html;

162

+

location = /50x.html {

163

+

}

164

+

}

165

+

166

+

server {

167

+

listen 80;

168

+

server_name tmapper.ornl.gov;

169

+

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;

170

+

add_header X-Frame-Options DENY;

171

+

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;

172

+

add_header X-Frame-Options "SAMEORIGIN";

173

+

return 301 https://tmapper.ornl.gov$request_uri;

174

+

}

175

+

176

+

map $http_upgrade $connection_upgrade {

177

+

default upgrade;

178

+

'' close;

179

+

}

180

+

181

+

server {

182

+

listen 443 ssl;

183

+

server_name tmapper.ornl.gov;

184

+

root /usr/share/nginx/html;

185

+

186

+

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;

187

+

# add_header X-Frame-Options SAMEORIGIN always;

188

+

# add_header X-Frame-Options sameorigin always;

189

+

add_header X-Frame-Options "DENY";

190

+

191

+

ssl_certificate "/home/cloud/packages/teammapper/tmapper.pem";

192

+

ssl_certificate_key "/home/cloud/packages/teammapper/tmapper.key";

193

+

194

+

location / {

195

+

proxy_pass http://localhost:8089;

196

+

proxy_set_header Host $host;

197

+

proxy_set_header X-Real-IP $remote_addr;

198

+

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

199

+

proxy_set_header X-Forwarded-Proto $scheme;

200

+

proxy_pass_request_headers on;

201

+

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;

202

+

add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate" always;

203

+

add_header Pragma "no-cache" always;

204

+

add_header Expires "0" always;

205

+

add_header X-Frame-Options "SAMEORIGIN";

206

+

add_header X-Frame-Options "DENY" always;

207

+

proxy_set_header X-Frame-Options "SAMEORIGIN";

208

+

# include uwsgi_params;

209

+

# uwsgi_pass unix:/home/cloud/dev/tsitc/pdfitc.sock;

210

+

}

211

+

212

+

error_page 404 /404.html;

213

+

location = /404.html {

214

+

}

215

+

216

+

error_page 500 502 503 504 /50x.html;

217

+

location = /50x.html {

218

+

}

219

+

}

220

+

221

+

server {

222

+

listen 80;

223

+

server_name rally.ornl.gov;

224

+

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;

225

+

add_header X-Frame-Options DENY;

226

+

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;

227

+

add_header X-Frame-Options "SAMEORIGIN";

228

+

return 301 https://rally.ornl.gov$request_uri;

229

+

}

230

+

231

+

map $http_upgrade $connection_upgrade {

232

+

default upgrade;

233

+

'' close;

234

+

}

235

+

236

+

server {

237

+

listen 443 ssl;

238

+

server_name rally.ornl.gov;

239

+

root /usr/share/nginx/html;

240

+

241

+

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;

242

+

# add_header X-Frame-Options SAMEORIGIN always;

243

+

# add_header X-Frame-Options sameorigin always;

244

+

add_header X-Frame-Options "DENY";

245

+

246

+

ssl_certificate "/home/cloud/packages/rallly-selfhosted/rally.pem";

247

+

ssl_certificate_key "/home/cloud/packages/rallly-selfhosted/rally.key";

248

+

249

+

location / {

250

+

proxy_pass http://localhost:3000;

251

+

proxy_set_header Host $host;

252

+

proxy_set_header X-Real-IP $remote_addr;

253

+

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

254

+

proxy_set_header X-Forwarded-Proto $scheme;

255

+

proxy_pass_request_headers on;

256

+

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;

257

+

add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate" always;

258

+

add_header Pragma "no-cache" always;

259

+

add_header Expires "0" always;

260

+

add_header X-Frame-Options "SAMEORIGIN";

261

+

add_header X-Frame-Options "DENY" always;

262

+

proxy_set_header X-Frame-Options "SAMEORIGIN";

263

+

# include uwsgi_params;

264

+

# uwsgi_pass unix:/home/cloud/dev/tsitc/pdfitc.sock;

265

+

}

266

+

267

+

error_page 404 /404.html;

268

+

location = /404.html {

269

+

}

270

+

271

+

error_page 500 502 503 504 /50x.html;

272

+

location = /50x.html {

273

+

}

274

+

}

275

+

276

+

server {

277

+

listen 80;

278

+

server_name addie-dev.ornl.gov;

279

+

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;

280

+

add_header X-Frame-Options DENY;

281

+

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;

282

+

add_header X-Frame-Options "SAMEORIGIN";

283

+

return 301 https://addie-dev.ornl.gov$request_uri;

284

+

}

285

+

286

+

map $http_upgrade $connection_upgrade {

287

+

default upgrade;

288

+

'' close;

289

+

}

290

+

291

+

server {

292

+

listen 443 ssl;

293

+

server_name addie-dev.ornl.gov;

294

+

root /usr/share/nginx/html;

295

+

296

+

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;

297

+

# add_header X-Frame-Options SAMEORIGIN always;

298

+

# add_header X-Frame-Options sameorigin always;

299

+

add_header X-Frame-Options "DENY";

300

+

301

+

ssl_certificate "/home/cloud/packages/addie/certs_dev/addie.pem";

302

+

ssl_certificate_key "/home/cloud/packages/addie/certs_dev/addie.key";

303

+

304

+

location / {

305

+

proxy_pass http://localhost:6000;

306

+

proxy_set_header Host $host;

307

+

proxy_set_header X-Real-IP $remote_addr;

308

+

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

309

+

proxy_set_header X-Forwarded-Proto $scheme;

310

+

proxy_pass_request_headers on;

311

+

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;

312

+

add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate" always;

313

+

add_header Pragma "no-cache" always;

314

+

add_header Expires "0" always;

315

+

add_header X-Frame-Options "SAMEORIGIN";

316

+

add_header X-Frame-Options "DENY" always;

317

+

proxy_set_header X-Frame-Options "SAMEORIGIN";

318

+

# include uwsgi_params;

319

+

# uwsgi_pass unix:/home/cloud/dev/tsitc/pdfitc.sock;

320

+

}

321

+

322

+

error_page 404 /404.html;

323

+

location = /404.html {

324

+

}

325

+

326

+

error_page 500 502 503 504 /50x.html;

327

+

location = /50x.html {

328

+

}

329

+

}

330

+

}

yuanpeng / ADDIE Nginx Configuration

yuanpeng revised this gist 1719843837. Go to revision

		@@ -0,0 +1,330 @@
1	+	user www-data;
2	+	worker_processes auto;
3	+	pid /run/nginx.pid;
4	+	include /etc/nginx/modules-enabled/*.conf;
5	+	error_log /var/log/nginx/error.log;
6	+
7	+	include /usr/share/nginx/modules/*.conf;
8	+
9	+	events {
10	+	worker_connections 1024;
11	+	# multi_accept on;
12	+	}
13	+
14	+	http {
15	+	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
16	+	'$status $body_bytes_sent "$http_referer" '
17	+	'"$http_user_agent" "$http_x_forwarded_for"';
18	+
19	+	client_max_body_size 200M;
20	+	sendfile on;
21	+	tcp_nopush on;
22	+	tcp_nodelay on;
23	+	keepalive_timeout 65;
24	+	types_hash_max_size 2048;
25	+
26	+	# add_header X-Frame-Options sameorigin always;
27	+	# add_header X-Frame-Options SAMEORIGIN always;
28	+	add_header X-Frame-Options DENY;
29	+
30	+	include /etc/nginx/mime.types;
31	+	default_type application/octet-stream;
32	+
33	+	ssl_protocols TLSv1.3 TLSv1.2;
34	+	ssl_prefer_server_ciphers on;
35	+
36	+	access_log /var/log/nginx/access.log;
37	+	error_log /var/log/nginx/error.log;
38	+
39	+	include /etc/nginx/conf.d/*.conf;
40	+
41	+	server {
42	+	listen 80;
43	+	server_name addie.ornl.gov;
44	+	add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
45	+	add_header X-Frame-Options DENY;
46	+	add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
47	+	add_header X-Frame-Options "SAMEORIGIN";
48	+	return 301 https://addie.ornl.gov$request_uri;
49	+	}
50	+
51	+	map $http_upgrade $connection_upgrade {
52	+	default upgrade;
53	+	'' close;
54	+	}
55	+
56	+	server {
57	+	listen 443 ssl;
58	+	server_name addie.ornl.gov;
59	+	add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
60	+	add_header X-Frame-Options DENY;
61	+	add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
62	+	add_header X-Frame-Options "SAMEORIGIN";
63	+	return 301 https://addie.ornl.gov$request_uri;
64	+	}
65	+
66	+	map $http_upgrade $connection_upgrade {
67	+	default upgrade;
68	+	'' close;
69	+	}
70	+
71	+	server {
72	+	listen 443 ssl;
73	+	server_name addie.ornl.gov;
74	+	root /usr/share/nginx/html;
75	+
76	+	add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
77	+	# add_header X-Frame-Options SAMEORIGIN always;
78	+	# add_header X-Frame-Options sameorigin always;
79	+	add_header X-Frame-Options "DENY";
80	+
81	+	ssl_certificate "/home/cloud/packages/addie/certs/addie.pem";
82	+	ssl_certificate_key "/home/cloud/packages/addie/certs/addie.key";
83	+
84	+	location / {
85	+	proxy_pass http://localhost:5000;
86	+	proxy_set_header Host $host;
87	+	proxy_set_header X-Real-IP $remote_addr;
88	+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
89	+	proxy_set_header X-Forwarded-Proto $scheme;
90	+	proxy_pass_request_headers on;
91	+	add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
92	+	add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate" always;
93	+	add_header Pragma "no-cache" always;
94	+	add_header Expires "0" always;
95	+	add_header X-Frame-Options "SAMEORIGIN";
96	+	add_header X-Frame-Options "DENY" always;
97	+	proxy_set_header X-Frame-Options "SAMEORIGIN";
98	+	# include uwsgi_params;
99	+	# uwsgi_pass unix:/home/cloud/dev/tsitc/pdfitc.sock;
100	+	}
101	+
102	+	error_page 404 /404.html;
103	+	location = /404.html {
104	+	}
105	+
106	+	error_page 500 502 503 504 /50x.html;
107	+	location = /50x.html {
108	+	}
109	+	}
110	+
111	+	server {
112	+	listen 80;
113	+	server_name slash.ornl.gov;
114	+	add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
115	+	add_header X-Frame-Options DENY;
116	+	add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
117	+	add_header X-Frame-Options "SAMEORIGIN";
118	+	return 301 https://slash.ornl.gov$request_uri;
119	+	}
120	+
121	+	map $http_upgrade $connection_upgrade {
122	+	default upgrade;
123	+	'' close;
124	+	}
125	+
126	+	server {
127	+	listen 443 ssl;
128	+	server_name slash.ornl.gov;
129	+	root /usr/share/nginx/html;
130	+
131	+	add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
132	+	# add_header X-Frame-Options SAMEORIGIN always;
133	+	# add_header X-Frame-Options sameorigin always;
134	+	add_header X-Frame-Options "DENY";
135	+
136	+	ssl_certificate "/home/cloud/packages/slash/slash.pem";
137	+	ssl_certificate_key "/home/cloud/packages/slash/slash.key";
138	+
139	+	location / {
140	+	proxy_pass http://localhost:5231;
141	+	proxy_set_header Host $host;
142	+	proxy_set_header X-Real-IP $remote_addr;
143	+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
144	+	proxy_set_header X-Forwarded-Proto $scheme;
145	+	proxy_pass_request_headers on;
146	+	add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
147	+	add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate" always;
148	+	add_header Pragma "no-cache" always;
149	+	add_header Expires "0" always;
150	+	add_header X-Frame-Options "SAMEORIGIN";
151	+	add_header X-Frame-Options "DENY" always;
152	+	proxy_set_header X-Frame-Options "SAMEORIGIN";
153	+	# include uwsgi_params;
154	+	# uwsgi_pass unix:/home/cloud/dev/tsitc/pdfitc.sock;
155	+	}
156	+
157	+	error_page 404 /404.html;
158	+	location = /404.html {
159	+	}
160	+
161	+	error_page 500 502 503 504 /50x.html;
162	+	location = /50x.html {
163	+	}
164	+	}
165	+
166	+	server {
167	+	listen 80;
168	+	server_name tmapper.ornl.gov;
169	+	add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
170	+	add_header X-Frame-Options DENY;
171	+	add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
172	+	add_header X-Frame-Options "SAMEORIGIN";
173	+	return 301 https://tmapper.ornl.gov$request_uri;
174	+	}
175	+
176	+	map $http_upgrade $connection_upgrade {
177	+	default upgrade;
178	+	'' close;
179	+	}
180	+
181	+	server {
182	+	listen 443 ssl;
183	+	server_name tmapper.ornl.gov;
184	+	root /usr/share/nginx/html;
185	+
186	+	add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
187	+	# add_header X-Frame-Options SAMEORIGIN always;
188	+	# add_header X-Frame-Options sameorigin always;
189	+	add_header X-Frame-Options "DENY";
190	+
191	+	ssl_certificate "/home/cloud/packages/teammapper/tmapper.pem";
192	+	ssl_certificate_key "/home/cloud/packages/teammapper/tmapper.key";
193	+
194	+	location / {
195	+	proxy_pass http://localhost:8089;
196	+	proxy_set_header Host $host;
197	+	proxy_set_header X-Real-IP $remote_addr;
198	+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
199	+	proxy_set_header X-Forwarded-Proto $scheme;
200	+	proxy_pass_request_headers on;
201	+	add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
202	+	add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate" always;
203	+	add_header Pragma "no-cache" always;
204	+	add_header Expires "0" always;
205	+	add_header X-Frame-Options "SAMEORIGIN";
206	+	add_header X-Frame-Options "DENY" always;
207	+	proxy_set_header X-Frame-Options "SAMEORIGIN";
208	+	# include uwsgi_params;
209	+	# uwsgi_pass unix:/home/cloud/dev/tsitc/pdfitc.sock;
210	+	}
211	+
212	+	error_page 404 /404.html;
213	+	location = /404.html {
214	+	}
215	+
216	+	error_page 500 502 503 504 /50x.html;
217	+	location = /50x.html {
218	+	}
219	+	}
220	+
221	+	server {
222	+	listen 80;
223	+	server_name rally.ornl.gov;
224	+	add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
225	+	add_header X-Frame-Options DENY;
226	+	add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
227	+	add_header X-Frame-Options "SAMEORIGIN";
228	+	return 301 https://rally.ornl.gov$request_uri;
229	+	}
230	+
231	+	map $http_upgrade $connection_upgrade {
232	+	default upgrade;
233	+	'' close;
234	+	}
235	+
236	+	server {
237	+	listen 443 ssl;
238	+	server_name rally.ornl.gov;
239	+	root /usr/share/nginx/html;
240	+
241	+	add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
242	+	# add_header X-Frame-Options SAMEORIGIN always;
243	+	# add_header X-Frame-Options sameorigin always;
244	+	add_header X-Frame-Options "DENY";
245	+
246	+	ssl_certificate "/home/cloud/packages/rallly-selfhosted/rally.pem";
247	+	ssl_certificate_key "/home/cloud/packages/rallly-selfhosted/rally.key";
248	+
249	+	location / {
250	+	proxy_pass http://localhost:3000;
251	+	proxy_set_header Host $host;
252	+	proxy_set_header X-Real-IP $remote_addr;
253	+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
254	+	proxy_set_header X-Forwarded-Proto $scheme;
255	+	proxy_pass_request_headers on;
256	+	add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
257	+	add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate" always;
258	+	add_header Pragma "no-cache" always;
259	+	add_header Expires "0" always;
260	+	add_header X-Frame-Options "SAMEORIGIN";
261	+	add_header X-Frame-Options "DENY" always;
262	+	proxy_set_header X-Frame-Options "SAMEORIGIN";
263	+	# include uwsgi_params;
264	+	# uwsgi_pass unix:/home/cloud/dev/tsitc/pdfitc.sock;
265	+	}
266	+
267	+	error_page 404 /404.html;
268	+	location = /404.html {
269	+	}
270	+
271	+	error_page 500 502 503 504 /50x.html;
272	+	location = /50x.html {
273	+	}
274	+	}
275	+
276	+	server {
277	+	listen 80;
278	+	server_name addie-dev.ornl.gov;
279	+	add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
280	+	add_header X-Frame-Options DENY;
281	+	add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
282	+	add_header X-Frame-Options "SAMEORIGIN";
283	+	return 301 https://addie-dev.ornl.gov$request_uri;
284	+	}
285	+
286	+	map $http_upgrade $connection_upgrade {
287	+	default upgrade;
288	+	'' close;
289	+	}
290	+
291	+	server {
292	+	listen 443 ssl;
293	+	server_name addie-dev.ornl.gov;
294	+	root /usr/share/nginx/html;
295	+
296	+	add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
297	+	# add_header X-Frame-Options SAMEORIGIN always;
298	+	# add_header X-Frame-Options sameorigin always;
299	+	add_header X-Frame-Options "DENY";
300	+
301	+	ssl_certificate "/home/cloud/packages/addie/certs_dev/addie.pem";
302	+	ssl_certificate_key "/home/cloud/packages/addie/certs_dev/addie.key";
303	+
304	+	location / {
305	+	proxy_pass http://localhost:6000;
306	+	proxy_set_header Host $host;
307	+	proxy_set_header X-Real-IP $remote_addr;
308	+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
309	+	proxy_set_header X-Forwarded-Proto $scheme;
310	+	proxy_pass_request_headers on;
311	+	add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
312	+	add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate" always;
313	+	add_header Pragma "no-cache" always;
314	+	add_header Expires "0" always;
315	+	add_header X-Frame-Options "SAMEORIGIN";
316	+	add_header X-Frame-Options "DENY" always;
317	+	proxy_set_header X-Frame-Options "SAMEORIGIN";
318	+	# include uwsgi_params;
319	+	# uwsgi_pass unix:/home/cloud/dev/tsitc/pdfitc.sock;
320	+	}
321	+
322	+	error_page 404 /404.html;
323	+	location = /404.html {
324	+	}
325	+
326	+	error_page 500 502 503 504 /50x.html;
327	+	location = /50x.html {
328	+	}
329	+	}
330	+	}