nginx-prod-https.conf

server {
    listen 443 ssl;
    server_name workbench.phema.science;
    ssl_certificate /opt/phema/workbench/certs/workbench.phema.science.fullchain.pem;
    ssl_certificate_key /opt/phema/workbench/certs/workbench.phema.science.privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # CORS hack because nginx if statements suck
    set $cors_origin "";
    set $cors_cred "";
    set $cors_header "";
    set $cors_method "";
    set $cors_expose "";

    set $vary "";
    set $cors_age "";
    set $cors_content "";
    set $cors_length "";

    if ($request_method = 'OPTIONS') {
        set $cors_origin $http_origin;
        set $cors_cred 'true';
        set $cors_header 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
        set $cors_method 'GET, POST, OPTIONS';
        set $cors_expose 'Content-Length,Content-Range';

        set $vary 'Origin';

        set $cors_age 1728000;
        set $cors_content 'text/plain; charset=utf-8';
        set $cors_length 0;

        return 204;
    }

    # Clear headers
    add_header 'Access-Control-Allow-Origin' $cors_origin;
    add_header 'Access-Control-Allow-Credentials' $cors_cred;
    add_header 'Access-Control-Allow-Headers' $cors_header;
    add_header 'Access-Control-Allow-Methods' $cors_method;
    add_header 'Access-Control-Expose-Headers' $cors_expose;

    # OPTIONS Stuff
    add_header 'Vary' $vary;
    add_header 'Access-Control-Max-Age' $cors_age;
    add_header 'Content-Type' $cors_content;
    add_header 'Content-Length' $cors_length;

    # Return success before invoking auth
    if ($request_method = 'OPTIONS') {
        return 204;
    }

    # basic auth
    auth_basic "PhEMA Workbench";
    auth_basic_user_file /opt/phema/workbench/.htpasswd;

    # proxy workbench API

    location /api/v1 {
        proxy_pass http://phema-workbench-api:8083/api/v1;
    }

    # proxy FHIR base URL

    location /fhir {
        proxy_pass http://phema-cqf-ruler:8080/cqf-ruler-r4/fhir;
    }

    # proxy various hapi web overlay resources

    location /hapi {
        proxy_pass http://phema-cqf-ruler:8080/cqf-ruler-r4/;
    }

    location /cqf-ruler-r4/ {
        proxy_pass http://phema-cqf-ruler:8080/cqf-ruler-r4/;
    }

    location /css {
        proxy_pass http://phema-cqf-ruler:8080/cqf-ruler-r4/css;
    }

    location /js {
        proxy_pass http://phema-cqf-ruler:8080/cqf-ruler-r4/js;
    }

    location /img {
        proxy_pass http://phema-cqf-ruler:8080/cqf-ruler-r4/img;
    }

    # data api
    location /data/ {
        proxy_pass http://phema-workbench-repo-api:3000/;
    }

    # default to workbench app

    location / {
        proxy_pass http://phema-workbench-app;
    }
}

server {
    listen 443 ssl;
    server_name cors.phema.science;
    ssl_certificate /opt/phema/workbench/certs/cors.phema.science.fullchain.pem;
    ssl_certificate_key /opt/phema/workbench/certs/cors.phema.science.privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # cors proxy

    location / {
        proxy_pass http://phema-cors-proxy:8080;
    }
}