openfoodfacts · stephanegigandet · Mar 15, 2024 · Mar 15, 2024
@@ -16,8 +16,8 @@
 
 # we need to have main domain for CORS (see nginx-cors includes)
 map $host $main_domain {
-    default ...;
-    ~*.*\.(?<host_main_domain>[^.]+\.[^.]+) $host_main_domain;
+	default ...;
+	~*.*\.(?<host_main_domain>[^.]+\.[^.]+) $host_main_domain;
 }
 
 include /etc/nginx/snippets/expires-no-json-xml.conf;
@@ -29,7 +29,10 @@ server {
 	# Product Opener needs a root domain + a wildcard for all subdomains
 	server_name ${PRODUCT_OPENER_DOMAIN} *.${PRODUCT_OPENER_DOMAIN};
 
-	access_log /var/log/nginx/${productopener_access_file_prefix}access.log;
+	# logs location: default is static-off, will be changed to proxy-off
+	# for requests passed to Apache
+	access_log /var/log/nginx/static-off-access.log;
+	error_log /var/log/nginx/static-off-error.log;
 
 	# static file we serve are in html/
 	root /opt/product-opener/html/;
@@ -41,13 +44,6 @@ server {
 	# Add index.php to the list if you are using PHP
 	index index.html index.htm index.nginx-debian.html;
 
-	location /data/ {
-		include /etc/nginx/snippets/off.cors-headers.include;
-		# First attempt to serve request as file, then
-		# as directory, then fall back to displaying a 404.
-		try_files $uri $uri/ =404;
-	}
-
 	# Add index.php to the list if you are using PHP
 	index index.html index.htm index.nginx-debian.html;
 
@@ -62,7 +58,7 @@ server {
 
 	# Static files are served directly by NGINX
 
-	location ~ ^/files/(.*) {
+	location ~ ^/(.well-known|files|data|exports|dump)/ {
 		include snippets/off.cors-headers.include;
 		include /etc/nginx/snippets/expiry-headers.include;
 		# fist try in files_resources
@@ -71,7 +67,7 @@ server {
 		gunzip on;
 	}
 
-	location ~ ^/(.well-known|images|fonts|css|js|rss|resources|foundation|bower_components)/ {
+	location ~ ^/(images|fonts|css|js|donate|resources)/ {
 		include /etc/nginx/snippets/off.cors-headers.include;
 		include /etc/nginx/snippets/expiry-headers.include;
 		# First attempt to serve request as file, off_web_html acting as an override,
@@ -96,7 +92,7 @@ server {
 	}
 
 	# redirects of some locations
-    include /etc/nginx/snippets/off.locations-redirects.include;
+	include /etc/nginx/snippets/off.locations-redirects.include;
 
 	# Dynamically generated files and CGI scripts are passed
 	# to the Apache + mod_perl server running on the backend container
@@ -112,8 +108,10 @@ server {
 		proxy_set_header Host $host;
 		proxy_set_header X-Real-IP $remote_addr;
 		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		access_log /var/log/nginx/proxy-off-access.log;
+		error_log /var/log/nginx/proxy-off-error.log;
 		set $backend backend;
-		proxy_pass http://$backend/cgi/display.pl?$request_uri;
+		proxy_pass http://$backend/cgi/display.pl?$request_uri;		
 	}
 
 	location /nginx_status {
@@ -127,7 +125,9 @@ server {
 		proxy_set_header Host $host;
 		proxy_set_header X-Real-IP $remote_addr;
 		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		access_log /var/log/nginx/proxy-off-access.log;
+		error_log /var/log/nginx/proxy-off-error.log;
 		set $backend backend;
-		proxy_pass http://$backend;
+		proxy_pass http://$backend;		
 	}
 }
@@ -20,8 +20,8 @@ server {
 	# listen 80 default_server;
 	# listen [::]:80 default_server;
 
-		listen 80;
-		listen [::]:80;
+	listen 80;
+	listen [::]:80;
 
 
 	server_name openbeautyfacts.org *.openbeautyfacts.org ;
@@ -40,29 +40,29 @@ server {
 	listen [::]:443 http2 ssl;
 
 	include snippets/ssl.openbeautyfacts.org;
-		include snippets/ssl-params.conf;
+	include snippets/ssl-params.conf;
 
 	root /srv/obf/html;
 
 	access_log /srv/obf/logs/nginx.access2.log;
 	error_log /srv/obf/logs/nginx.error2.log;
 
-		# Redirect GET requests to https. POST requests will be transformed
-		# to GET by most browsers when redirected, and it breaks apps that
-		# use the API through http.
-
-		if ($scheme = http) {
-			set $test "A";
-		}
-		if ($request_uri !~ "/api/") {
-			set $test "${test}B";
-		}
-		if ($request_method = GET) {
-			set $test "${test}C";
-		}
-		if ($test = ABC) {
-			return 301 https://$host$request_uri;
-		}
+	# Redirect GET requests to https. POST requests will be transformed
+	# to GET by most browsers when redirected, and it breaks apps that
+	# use the API through http.
+
+	if ($scheme = http) {
+		set $test "A";
+	}
+	if ($request_uri !~ "/api/") {
+		set $test "${test}B";
+	}
+	if ($request_method = GET) {
+		set $test "${test}C";
+	}
+	if ($test = ABC) {
+		return 301 https://$host$request_uri;
+	}
 
 	gzip on;
 	gzip_min_length 1000;
@@ -107,14 +107,14 @@ server {
 		try_files $uri $uri/ =404;
 	}
 
-        # GoogleAssociationService made 2500 requests/min to assetlinks.json
-        # and much less when caching headers are sent
-        location = /.well-known/assetlinks.json {
-                include snippets/off.cors-headers.include;
-			include snippets/expiry-headers.include;
-                expires 1d;
-                try_files $uri $uri/ =404;
-        }
+	# GoogleAssociationService made 2500 requests/min to assetlinks.json
+	# and much less when caching headers are sent
+	location = /.well-known/assetlinks.json {
+			include snippets/off.cors-headers.include;
+		include snippets/expiry-headers.include;
+			expires 1d;
+			try_files $uri $uri/ =404;
+	}
 
 	location / {
 		proxy_set_header Host $host;

@@ -25,8 +25,8 @@ server {
 
 	root /srv/off/html;
 
-    # enable large uploads
-    client_max_body_size 20M;
+	# enable large uploads
+	client_max_body_size 20M;
 	client_body_timeout 120s;
 	client_header_timeout 120s;
 
@@ -115,8 +115,8 @@ server {
 		# recursive hosts as we are proxying behind a proxy
 		set_real_ip_from 10.0.0.0/8;
 		real_ip_recursive on;
-	        access_log /var/log/nginx/proxy-off-access.log proxied_requests buffer=256K flush=1s;
-	        error_log /var/log/nginx/proxy-off-error.log;
+		access_log /var/log/nginx/proxy-off-access.log proxied_requests buffer=256K flush=1s;
+		error_log /var/log/nginx/proxy-off-error.log;
 
 		proxy_pass http://127.0.0.1:8004/cgi/display.pl?;
 	}
@@ -126,8 +126,8 @@ server {
 		# recursive hosts as we are proxying behind a proxy
 		set_real_ip_from 10.0.0.0/8;
 		real_ip_recursive on;
-	        access_log /var/log/nginx/proxy-off-access.log proxied_requests buffer=256K flush=1s;
-	        error_log /var/log/nginx/proxy-off-error.log;
+		access_log /var/log/nginx/proxy-off-access.log proxied_requests buffer=256K flush=1s;
+		error_log /var/log/nginx/proxy-off-error.log;
 
 		proxy_pass http://127.0.0.1:8004;
 	}

@@ -92,7 +92,7 @@ server {
 		set_real_ip_from 10.0.0.0/8;
 		real_ip_recursive on;
 		access_log /var/log/nginx/proxy-off-access.log proxied_requests buffer=256K flush=1s;
-	        error_log /var/log/nginx/proxy-off-error.log;
+		error_log /var/log/nginx/proxy-off-error.log;
 
 		proxy_pass http://127.0.0.1:8014/cgi/display.pl?;
 	}
@@ -103,7 +103,7 @@ server {
 		set_real_ip_from 10.0.0.0/8;
 		real_ip_recursive on;
 		access_log /var/log/nginx/proxy-off-access.log proxied_requests buffer=256K flush=1s;
-	        error_log /var/log/nginx/proxy-off-error.log;
+		error_log /var/log/nginx/proxy-off-error.log;
 
 		proxy_pass http://127.0.0.1:8014;
 	}