server { listen 80; server_name ; location / { return 301 https://$host$request_uri; } } server { # TCP (TLS) with HTTP/2 listen 443 ssl http2; server_name ; ssl_certificate /etc/letsencrypt/live//fullchain.pem; ssl_certificate_key /etc/letsencrypt/live//privkey.pem; # Targeted trailing slash redirects location = /auth { return 301 /auth/$is_args$args; } location = /be-metadata { return 301 /be-metadata/$is_args$args; } location = /be-gisdata { return 301 /be-gisdata/$is_args$args; } # Increase max upload size client_max_body_size 1000M; # Root application location / { proxy_pass http://:8082/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Server $host; } # Keycloak (auth) location /auth/ { proxy_pass http://:8083/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Server $host; } # Metadata backend location /be-metadata/ { proxy_pass http://:8004/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Server $host; } # GIS data backend location /be-gisdata/ { proxy_pass http://:8005/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Server $host; } }