upstream auth_web { server auth_web:3000; } upstream auth_api { server auth_api:3001; } map $request_method $login_proxy { POST http://auth_api/$AUTH_MODE/login; GET http://auth_web; } upstream app { server $APPLICATION; } include /etc/nginx/include/upstream.conf; server { listen 80; include /etc/nginx/mime.types; limit_req zone=req_limit_per_ip burst=30; limit_conn conn_limit_per_ip 30; error_page 401 /login; location = /auth { internal; proxy_pass http://auth_api; proxy_pass_request_body off; proxy_set_header Content-Length ""; proxy_set_header refresh-token $REFRESH_TOKEN; proxy_set_header auth-mode $AUTH_MODE; proxy_intercept_errors on; } location /login { proxy_pass $login_proxy; } location ~ ^/(logout|get-user)$ { proxy_pass http://auth_api/$AUTH_MODE/$1; } location = / { limit_req zone=req_limit_page burst=1 nodelay; proxy_pass http://app; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; include /etc/nginx/include/auth.conf; } location / { proxy_pass http://app; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; include /etc/nginx/include/auth.conf; } location = /health { access_log off; add_header 'Content-Type' 'application/json'; return 200 'UP'; } include /etc/nginx/include/location.conf; }