default.config

server {
listen 80;
server_name localhost;
root /usr/share/nginx/html;

# referece healthcheck file in nginx container /usr/share/nginx/html folder
location = /healthcheck {
}

  location /auth {
  proxy_pass http://localhost:9090/auth$is_args$args;
  proxy_redirect off;
}

location /loginToIdp {
  proxy_pass http://localhost:9090/login;
}

location /SFDCChangePassword  {
    return 302 https://dev-miscg.cs20.force.com/miptest/MIP_ForgotPassword;
}


location ~* /loggedIn {
    rewrite (.*)/loggedIn  https://dev.iv.example.com/$1 permanent;
}

location = /validate {
  internal;
  # forward the /validate request to Vouch Proxy
  proxy_pass http://localhost:9090;

  # be sure to pass the original host header
  proxy_set_header Host dev.iv.example.com;

  # Vouch Proxy only acts on the request headers
  proxy_pass_request_body off;
  proxy_set_header Content-Length "";

  # optionally add X-Vouch-User as returned by Vouch Proxy along with the request
  auth_request_set $auth_resp_x_vouch_user $upstream_http_x_vouch_user;

  # these return values are used by the @error401 call
  auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
  auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
  auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;

}

# if validate returns `401 not authorized` then forward the request to the error401block
error_page 401 = @error401;

location @error401 {
    # redirect to Vouch Proxy for login
     return 302  http://dev.iv.example.com/loginToIdp?url=https://dev.iv.example.com$request_uri/loggedIn&vouch-failcount=$auth_resp_failcount&X-Vouch-Token=$auth_resp_jwt&error=$auth_resp_err;

      }

location ~/api/spg/administration/(.*) {
    # return 301 http://apidns:8084/administration/$1;
    proxy_http_version 1.1;
    auth_request /validate;
    proxy_pass http://apidns:8084/administration/$1?$query_string;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

location ~/api/research/document/(.*) {
    proxy_http_version 1.1;
    auth_request /validate;
    proxy_pass http://apidns:8081/api/mdc/pdf?docId=$1&alt=pdf;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

location ~/api/search/(.*) {
    proxy_http_version 1.1;
    auth_request /validate;
    proxy_pass http://apidns:8081/api/mdc/research?$query_string;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

location ~/api/profile/(.*) {
    proxy_http_version 1.1;
    auth_request /validate;
    proxy_pass http://apidns:8081/api/sfdc/employee?$query_string;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

location ~/api/team/(.*) {
    proxy_http_version 1.1;
    auth_request /validate;
    proxy_pass http://apidns:8081/api/sfdc/team?$query_string;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}


location / {
    auth_request /validate;

    proxy_pass http://internal-iport-qa3-dotcms-elb-1111111.us-east-1.elb.amazonaws.com/;
    proxy_set_header X-Vouch-User $auth_resp_x_vouch_user;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

# redirect server error pages to the static page /50x.html
error_page   500 502 503 504  /error;
location = /50x.html {
    root   /usr/share/nginx/html;
}
}