diff -ruN nginx/conf.d/default.conf nginx/conf.d/default.conf --- nginx/conf.d/default.conf 2021-04-26 14:07:57.000000000 +0200 +++ nginx/conf.d/default.conf 2022-01-20 15:58:00.000000000 +0100 @@ -28,50 +28,37 @@ add_header X-Frame-Options "deny"; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; + add_header X-Content-Type-Options "nosniff"; + add_header Referrer-Policy "same-origin"; + location /api/ { - client_max_body_size 0; - - proxy_pass http://127.0.0.1:9090/api/; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_http_version 1.1; - proxy_request_buffering off; - } - - location ~/admin/download-file/(.+) { - include download.conf; - - auth_request /download-file-auth-admin; - } - - location ~/admin/download-archive/(.+) { - include download.conf; - - auth_request /download-file-auth-admin; + set $x_uri_suffix ""; + + include proxy.conf; } - - location ~/download-file/(.+) { - include download.conf; - - auth_request /download-file-auth-user; + + location /admin/download-file/ { + set $x_uri_suffix "/api"; + + include proxy.conf; } - - location ~/download-archive/(.+) { - include download.conf; - - auth_request /download-file-auth-user; + + location /admin/download-archive/ { + set $x_uri_suffix "/api"; + + include proxy.conf; } - - location /download-file-auth-user { - include download-auth.conf; - - proxy_pass http://127.0.0.1:9090/api/user$request_uri; + + location /download-file/ { + set $x_uri_suffix "/api/user"; + + include proxy.conf; } - - location /download-file-auth-admin { - include download-auth.conf; - - proxy_pass http://127.0.0.1:9090/api$request_uri; + + location /download-archive/ { + set $x_uri_suffix "/api/user"; + + include proxy.conf; } location /admin { diff -ruN nginx/download-auth.conf nginx/download-auth.conf --- nginx/download-auth.conf 2020-07-15 09:52:15.000000000 +0200 +++ nginx/download-auth.conf 1970-01-01 01:00:00.000000000 +0100 @@ -1,10 +0,0 @@ -# download offload auth configuration - -internal; - -proxy_method HEAD; -proxy_pass_request_body off; -proxy_http_version 1.1; -proxy_set_header Content-Length ""; -proxy_set_header X-Original-URI $request_uri; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff -ruN nginx/download.conf nginx/download.conf --- nginx/download.conf 2020-07-15 09:51:50.000000000 +0200 +++ nginx/download.conf 1970-01-01 01:00:00.000000000 +0100 @@ -1,16 +0,0 @@ -# download offload configuration - -auth_request_set $auth_status $upstream_status; -auth_request_set $file_location $upstream_http_x_sofie_file_location; -auth_request_set $datastore_root $upstream_http_x_sofie_datastore_root; -auth_request_set $file_disposition $upstream_http_content_disposition; -auth_request_set $cache_control $upstream_http_cache_control; - -add_header Content-Disposition $file_disposition; -add_header Cache-Control $cache_control; - -default_type application/octet-stream; - -root $datastore_root; - -try_files /$file_location /; diff -ruN nginx/proxy.conf nginx/proxy.conf --- nginx/proxy.conf 1970-01-01 01:00:00.000000000 +0100 +++ nginx/proxy.conf 2022-01-20 15:58:20.000000000 +0100 @@ -0,0 +1,7 @@ +client_max_body_size 0; + +proxy_pass http://127.0.0.1:9090$x_uri_suffix$request_uri; +proxy_set_header Host $host; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_http_version 1.1; +proxy_request_buffering off;