nginx.conf.src

daemon off;

error_log /home/vcap/app/error.log;
events { worker_connections 1024; }

http {
  log_format cloudfoundry '$http_x_forwarded_for - $http_referer - [$time_local] "$request" $status $body_bytes_sent';
  access_log /home/vcap/app/access.log cloudfoundry;
  default_type application/octet-stream;
  include mime.types;
  sendfile on;

  gzip on;
  gzip_disable "msie6";
  gzip_comp_level 6;
  gzip_min_length 1100;
  gzip_buffers 16 8k;
  gzip_proxied any;
  gzip_types text/plain text/css text/js text/xml text/javascript application/javascript application/x-javascript application/json application/xml application/xml+rss;

  tcp_nopush on;
  keepalive_timeout 30;
  port_in_redirect off; # Ensure that redirects don't include the internal container PORT - <%= ENV["PORT"] %>
  server_tokens off;

   map $http_origin $allow_origin {
       ~^(http(s)?:\/\/)?(.*)?\.app\.cloud\.gov$ $http_origin;
   }
   map $http_origin $allow_methods {
       ~^(http(s)?:\/\/)?(.*)?\.app\.cloud\.gov$ "OPTIONS, HEAD, GET";
   }

  server {
    #listen {{port}};
    listen 8080;
    server_name localhost;

    # Note: .+ instead of .*
    # this is to allow /data/ to pass through untouched

    location ~* ^/data/(.+) {

      set $url_full         '$1';
      gunzip on;
      proxy_http_version     1.1;
      proxy_set_header       Authorization '';
      proxy_hide_header      x-amz-id-2;
      proxy_hide_header      x-amz-request-id;
      proxy_hide_header      Set-Cookie;
      proxy_ignore_headers   "Set-Cookie";
      proxy_buffering        off;
      proxy_intercept_errors on;

      resolver               8.8.8.8 valid=300s;

      add_header             Cache-Control "no-cache";
      add_header             Pragma "no-cache";

      proxy_hide_header      Access-Control-Allow-Origin;
      add_header             Access-Control-Allow-Origin $allow_origin;
      add_header             Access-Control-Allow-Methods $allow_methods;
      proxy_pass             ${S3_BUCKET_URL}/data/$url_full;
    }

    location =/developers {
      return 302 https://open.gsa.gov/api/dap/;
    }

    location =/developer {
      return 302 https://open.gsa.gov/api/dap/;
    }

    location / {
      root /home/vcap/app/_site;
      index index.html index.htm Default.htm;

      autoindex on;

      #auth_basic "Restricted";                                #For Basic Auth
      #auth_basic_user_file /home/vcap/app/.htpasswd;  #For Basic Auth

      if ($http_x_forwarded_proto != "https") {
        return 301 https://$host$request_uri;
      }
      add_header Cache-Control "max-age=60";
      try_files $uri $uri/index.html $uri/ =404;
    }

  }
}