diff --git a/deploy/nginx.conf.jinja2 b/deploy/nginx.conf.jinja2 index 9f8aed7e7a..1d4ad4f262 100644 --- a/deploy/nginx.conf.jinja2 +++ b/deploy/nginx.conf.jinja2 @@ -19,41 +19,11 @@ http { text/javascript application/x-javascript application/atom+xml; + # Proxy upstream to the gunicorn process upstream studio { server 127.0.0.1:8081; - } - - # Allow-list filter for content catalog paths - server { - listen 8080; - server_name catalog.learningequality.org; - location = / { - proxy_pass http://studio; - proxy_redirect off; - proxy_set_header Host $host; - } - location /static/ { - autoindex on; - alias /app/contentworkshop_static/; - expires 4h; - } - location /content/ { - proxy_http_version 1.1; - proxy_pass {{ $aws_s3_endpoint_url }}/{{ $aws_s3_bucket_name }}/; - proxy_set_header Host $proxy_host; - proxy_set_header Accept-Encoding Identity; - proxy_redirect off; - gzip off; - } - location ~ ^/(api/catalog|stealthz|healthz|api/get_channel_details|jsreverse|i18n) { - proxy_pass http://studio; - proxy_redirect off; - proxy_set_header Host $host; - } - location / { - deny all; - } + keepalive 5; } # Configuration for Nginx @@ -80,17 +50,26 @@ http { # Proxy connections to django location / { proxy_pass http://studio; - proxy_redirect off; proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_read_timeout 100s; + proxy_redirect off; + proxy_cache off; } location /content/ { + limit_except GET HEAD OPTIONS { + deny all; + } proxy_http_version 1.1; proxy_pass {{ $aws_s3_endpoint_url }}/{{ $aws_s3_bucket_name }}/; - proxy_set_header Host $proxy_host; + proxy_set_header Host $host; proxy_set_header Accept-Encoding Identity; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect off; + proxy_buffering off; + proxy_cache off; + proxy_read_timeout 100s; gzip off; }
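Review bot: Removing the `catalog.learningequality.org` server block also removes its `location / { deny all; }` fallback. If that host name still resolves to this listener, its requests would presumably be handled by the remaining server block, where `location /` proxies every path to `studio`. It is worth confirming the host name is retired at DNS or ingress, or keeping a minimal block for it such as `server { listen 8080; server_name catalog.learningequality.org; return 404; }`. Separately, the added `keepalive 5;` only pools upstream connections when the proxying location speaks HTTP/1.1 and clears the Connection header. The `location /` shown in the second hunk sets neither, so unless they are set at a level outside the hunk it needs `proxy_http_version 1.1;` and `proxy_set_header Connection "";`.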
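Review bot: In `location /content/` the new `proxy_set_header Host $host;` sends the object-storage endpoint a host name taken from the client request instead of the endpoint's own. S3-style backends commonly use Host for bucket routing and request validation, so unless this endpoint is known to ignore it, `proxy_set_header Host $proxy_host;` is the safer value. Both locations also append to whatever the client sent via `$proxy_add_x_forwarded_for`. If this nginx can be reached directly, the leading entries are client-supplied, so the application should trust only the address this proxy adds, or the header should be set with `proxy_set_header X-Forwarded-For $remote_addr;`. The enclosing `server` block starts outside the hunk, so a trusted front proxy may already normalise the header.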