upstream auth_web { server auth_web:3000; } upstream auth_api { server auth_api:3001; } map $request_method $login_proxy { POST http://auth_api/$AUTH_MODE/login; GET http://auth_web; } upstream app { server $APPLICATION; } include /etc/nginx/include/upstream.conf; server { listen 80; include /etc/nginx/mime.types; include /etc/nginx/include/csp.conf; proxy_set_header auth-mode $AUTH_MODE; proxy_set_header refresh-token $REFRESH_TOKEN; error_page 401 /login/$AUTH_MODE; location = /auth { internal; proxy_pass http://auth_api; proxy_pass_request_body off; proxy_set_header Content-Length ""; proxy_set_header X-Original-URI $request_uri; proxy_intercept_errors on; proxy_set_header auth-mode $AUTH_MODE; proxy_set_header refresh-token $REFRESH_TOKEN; } location /login { proxy_pass $login_proxy; include /etc/nginx/include/security-headers.conf; } location ~ ^/(logout|get-user|login-telegram|login-confirm|refresh-token)$ { proxy_pass http://auth_api/$AUTH_MODE/$1; proxy_set_header auth-mode $AUTH_MODE; proxy_set_header refresh-token $REFRESH_TOKEN; } location /scripts/ { alias /etc/nginx/scripts/; autoindex on; } location / { proxy_pass http://app; include /etc/nginx/include/headers.conf; include /etc/nginx/include/auth.conf; include /etc/nginx/include/security-headers.conf; } location /socket.io/ { proxy_pass http://auth_api/socket.io/; include /etc/nginx/include/headers.conf; include /etc/nginx/include/auth.conf; include /etc/nginx/include/security-headers.conf; } location = /health { access_log off; add_header 'Content-Type' 'application/json'; return 200 'UP'; } include /etc/nginx/include/location.conf; }