server { listen 80; location ~ ^/(api|secret-scanning/webhooks) { proxy_set_header X-Real-RIP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://backend:4000; proxy_redirect off; # proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; proxy_cookie_path / "/; HttpOnly; SameSite=strict"; } location /api/v3/migrate { client_max_body_size 25M; proxy_set_header X-Real-RIP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://backend:4000; proxy_redirect off; proxy_cookie_path / "/; HttpOnly; SameSite=strict"; } location /.well-known/est { proxy_set_header X-Real-RIP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; # specific for infisical cloud setup, needed for server-side mTLS proxy_set_header X-SSL-Client-Cert $http_x_amzn_mtls_clientcert proxy_pass http://backend:4000; proxy_redirect off; # proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; proxy_cookie_path / "/; HttpOnly; SameSite=strict"; } # location /git-app-api { # proxy_set_header X-Real-RIP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header Host $http_host; # proxy_set_header X-NginX-Proxy true; # proxy_pass http://git-app:3000/; # proxy_redirect off; # # proxy_redirect http://localhost:8080/ http://frontend.example.com/; # proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; # } location / { include /etc/nginx/mime.types; proxy_set_header X-Real-RIP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://frontend:3000; proxy_redirect off; } }