nginx.conf

daemon off;

error_log <%= ENV["APP_ROOT"] %>/nginx/logs/error.log;
events { worker_connections 1024; }

http {
  log_format cloudfoundry '$http_x_forwarded_for - $http_referer - [$time_local] "$request" $status $body_bytes_sent';
  access_log <%= ENV["APP_ROOT"] %>/nginx/logs/access.log cloudfoundry;
  default_type application/octet-stream;
  include mime.types;
  sendfile on;

  gzip on;
  gzip_disable "msie6";
  gzip_comp_level 6;
  gzip_min_length 1100;
  gzip_buffers 16 8k;
  gzip_proxied any;
  gzip_types text/plain text/css text/js text/xml text/javascript application/javascript application/x-javascript application/json application/xml application/xml+rss;

  tcp_nopush on;
  keepalive_timeout 30;
  port_in_redirect off; # Ensure that redirects don't include the internal container PORT - <%= ENV["PORT"] %>
  server_tokens off;

  server {
    listen <%= ENV["PORT"] %>;
    server_name localhost;

    # Note: .+ instead of .*
    # this is to allow /data/ to pass through untouched

    <% if ENV["S3_BUCKET_URL"] %>
    location ~* ^/data/(.+) {

      set $url_full         '$1';

      proxy_http_version     1.1;
      proxy_set_header       Authorization '';
      proxy_hide_header      x-amz-id-2;
      proxy_hide_header      x-amz-request-id;
      proxy_hide_header      Set-Cookie;
      proxy_ignore_headers   "Set-Cookie";
      proxy_buffering        off;
      proxy_intercept_errors on;

      resolver               8.8.8.8 valid=300s;

      add_header             Cache-Control "no-cache";
      add_header             Pragma "no-cache";

      proxy_pass             <%= ENV["S3_BUCKET_URL"] %>/$url_full;
    }
    <% end %>

    location =/developers {
      return 302 https://open.gsa.gov/api/dap/;
    }

    location =/developer {
      return 302 https://open.gsa.gov/api/dap/;
    }
    
    location / {
      root <%= ENV["APP_ROOT"] %>/public;
      index index.html index.htm Default.htm;
      <% if File.exists?(File.join(ENV["APP_ROOT"], "nginx/conf/.enable_directory_index")) %>
      autoindex on;
      <% end %>
      <% if File.exists?(auth_file = File.join(ENV["APP_ROOT"], "nginx/conf/.htpasswd")) %>
      auth_basic "Restricted";                                #For Basic Auth
      auth_basic_user_file <%= auth_file %>;  #For Basic Auth
      <% end %>
      <% if ENV["FORCE_HTTPS"] %>
      if ($http_x_forwarded_proto != "https") {
        return 301 https://$host$request_uri;
      }
      <% end %>
      add_header Cache-Control "max-age=60";
      try_files $uri $uri/index.html $uri/ =404;
    }

  }
}