ptbi-enketo-test.globalhealthapp.net

1. # You may add here your
2. # server {
3. #       ...
4. # }
5. # statements for each of your virtual hosts to this file
6.  
7. ##
8. # You should look at the following URL's in order to grasp a solid understanding
9. # of Nginx configuration files in order to fully unleash the power of Nginx.
10. # http://wiki.nginx.org/Pitfalls
11. # http://wiki.nginx.org/QuickStart
12. # http://wiki.nginx.org/Configuration
13. #
14. # Generally, you will want to move this file somewhere, and start with a clean
15. # file but keep this around for reference. Or just disable in sites-enabled.
16. #
17. # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
18. ##
19.  
20. server {
21.         listen     80;
22.         server_name    ptbi-enketo-test.globalhealthapp.net;
23.         # rewrite    ^ https://<server-url>$request_uri? permanent;
24.         return         307 https://$server_name$request_uri;
25. }
26.  
27. server {
28.         #listen 80 default_server;
29.         #listen [::]:80 default_server ipv6only=on;
30.         listen 443 ssl;
31.         server_name    ptbi-enketo-test.globalhealthapp.net;
32.  
33.         #root /home/dhis/tomcat-dhis/webapps/ROOT;
34.         client_max_body_size 100M;
35.  
36.         # Make site accessible from http://localhost/
37.         server_name localhost;
38.  
39.         ssl                  on;
40.         ssl_certificate      /etc/nginx/ssl/server.crt;
41.         ssl_certificate_key  /etc/nginx/ssl/server.key;
42.  
43.         ssl_session_cache    shared:SSL:20m;
44.         ssl_session_timeout  10m;
45.  
46.         ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
47.         #ssl_ciphers                RC4:HIGH:!aNULL:!MD5;
48.         ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA';
49.  
50.         ssl_prefer_server_ciphers  on;
51.  
52.         add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
53.         # add_header Access-Control-Allow-Origin "https://ptbi-odk-test.globalhealthapp.net";
54.         add_header X-Content-Type-Options nosniff;
55.  
56.         ssl_stapling on;
57.         ssl_stapling_verify on;
58.         resolver 8.8.4.4 8.8.8.8 valid=300s;
59.         resolver_timeout 10s;
60.  
61.         # Serve static files
62.         #location ~ (\.js|\.css|\.gif|\.woff|\.ttf|\.eot|\.ico|(/dhis-web-commons/|/images/|/icons/).*\.png)$ {
63.         #       add_header  Cache-Control public;
64.         #       expires     1d;
65.         #}
66.  
67.         # Proxy pass to servlet container
68.         location / {
69.                 proxy_pass                http://localhost:8005;
70.                 proxy_redirect            off;
71.                 proxy_set_header          Host               $host;
72.                 proxy_set_header          X-Real-IP          $remote_addr;
73.                 proxy_set_header          X-Forwarded-For    $proxy_add_x_forwarded_for;
74.                 proxy_set_header          X-Forwarded-Proto  https;
75.                 #more_set_headers         Access-Control-Allow-Origin "https://ptbi-odk-test.globalhealthapp.net";
76.                 proxy_buffer_size         128k;
77.                 proxy_buffers             8 128k;
78.                 proxy_busy_buffers_size   256k;
79.  
80.  
81.              if ($request_method = 'OPTIONS') {
82.                 add_header 'Access-Control-Allow-Origin' '*';
83.                 add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
84.                 #
85.                 # Custom headers and headers various browsers *should* be OK with but aren't
86.  #
87.                 add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
88.                 #
89.                 # Tell client that this pre-flight info is valid for 20 days
90.                 #
91.                 add_header 'Access-Control-Max-Age' 1728000;
92.                 add_header 'Content-Type' 'text/plain charset=UTF-8';
93.                 add_header 'Content-Length' 0;
94.                 return 204;
95.              }
96.              if ($request_method = 'POST') {
97.                 add_header 'Access-Control-Allow-Origin' 'ptbi-odk-test.globalhealthapp.net';
98.                 add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
99.                 add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,OpenRosa-Version';
100.              }
101.              if ($request_method = 'GET') {
102.                 add_header 'Access-Control-Allow-Origin' 'ptbi-odk-test.globalhealthapp.net';
103.                 add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
104.                 add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,OpenRosa-Version';
105.              }
106.  
107.  
108.         }
109.  
110.         #location / {
111.                 # First attempt to serve request as file, then
112.                 # as directory, then fall back to displaying a 404.
113.  
114.         #       try_files $uri $uri/ =404;
115.                 # Uncomment to enable naxsi on this location
116.                 # include /etc/nginx/naxsi.rules
117.         #}
118.  
119.         # Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
120.         #location /RequestDenied {
121.         #       proxy_pass http://127.0.0.1:8080;    
122.         #}
123.  
124.         #error_page 404 /404.html;
125.  
126.         # redirect server error pages to the static page /50x.html
127.         #
128.         #error_page 500 502 503 504 /50x.html;
129.         #location = /50x.html {
130.         #       root /usr/share/nginx/html;
131.         #}
132.  
133.         # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
134.         #
135.         #location ~ \.php$ {
136.         #       fastcgi_split_path_info ^(.+\.php)(/.+)$;
137.         #       # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
138.         #
139.         #       # With php5-cgi alone:
140.         #       fastcgi_pass 127.0.0.1:9000;
141.         #       # With php5-fpm:
142.         #       fastcgi_pass unix:/var/run/php5-fpm.sock;
143.         #       fastcgi_index index.php;
144.         #       include fastcgi_params;
145.         #}
146.  
147.  
148.         # deny access to .htaccess files, if Apache's document root
149.  # concurs with nginx's one
150.         #
151.         #location ~ /\.ht {
152.         #       deny all;
153.         #}
154. }
155.  
156.  
157. # another virtual host using mix of IP-, name-, and port-based configuration
158. #
159. #server {
160. #       listen 8000;
161. #       listen somename:8080;
162. #       server_name somename alias another.alias;
163. #       root html;
164. #       index index.html index.htm;
165. #
166. #       location / {
167. #               try_files $uri $uri/ =404;
168. #       }
169. #}
170.  
171.  
172. # HTTPS server
173. #
174. #server {
175. #       listen 443;
176. #       server_name localhost;
177. #
178. #       root html;
179. #       index index.html index.htm;
180. #
181. #       ssl on;
182. #       ssl_certificate cert.pem;
183. #       ssl_certificate_key cert.key;
184. #
185. #       ssl_session_timeout 5m;
186. #
187. #       ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
188. #       ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
189. #       ssl_prefer_server_ciphers on;
190. #
191. #       location / {
192. #               try_files $uri $uri/ =404;
193. #       }
194. #}