files/conf.d/virtualHost.template

server {
	listen 80;
	modsecurity on;
	modsecurity_rules_file /usr/local/nginx/conf/modsecurity.conf;
	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;
	server_name XXXXXXXXXX;

    location /_v/healthcheck {
		root   html;
		index  200.html;
	}

	#add_header Content-Security-Policy "default-src 'self';";
	#add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
	#add_header X-XSS-Protection "1; mode=block";
	#add_header X-Frame-Options "SAMEORIGIN";
	#add_header X-Content-Type-Options nosniff;
	#add_header Referrer-Policy "strict-origin";
	#add_header Permissions-Policy "geolocation=();midi=();notifications=();push=();sync-xhr=();microphone=();camera=();magnetometer=();gyroscope=();speaker=(self);vibrate=();fullscreen=(self);payment=();";

	#if ($http_user_agent ~* LWP::Simple|BBBike|wget) {
	#		return 403;
	#}

	#add_header Allow "GET, POST, HEAD" always;
	#if ( $request_method !~ ^(GET|POST|HEAD)$ ) {
    #		return 405;
	#}

	error_page 400 /400.html;
		location = /400.html {
    	root  /usr/local/nginx/errorpages;
	}

	error_page 404 /404.html;
		location = /404.html {
    	root  /usr/local/nginx/errorpages;
	}

	error_page 403 /403.html;
		location = /403.html {
		ssi on;
    	root  /usr/local/nginx/errorpages;
	}

	error_page 500 502 503 504 /50x.html;
		location = /50x.html {
    	root  /usr/local/nginx/errorpages;
	}

	location / {
		proxy_pass http://YYYYYYYY/;
		proxy_set_header Host $host;
		proxy_set_header Referer https://XXXXXXXXXX/;

        proxy_set_header Accept-Encoding "";
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-NginX-Proxy true;
	}
}

server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;
	server_name XXXXXXXXXX;
    modsecurity on;
	modsecurity_rules_file /usr/local/nginx/conf/modsecurity.conf;
	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

    location /_v/healthcheck {
		root   html;
		index  200.html;
	}

	error_page 400 /400.html;
		location = /400.html {
    	root  /usr/local/nginx/errorpages;
	}

	error_page 404 /404.html;
		location = /404.html {
    	root  /usr/local/nginx/errorpages;
	}

	error_page 403 /403.html;
		location = /403.html {
    	root  /usr/local/nginx/errorpages;
	}

	error_page 500 502 503 504 /50x.html;
		location = /50x.html {
    	root  /usr/local/nginx/errorpages;
	}

	location / {
		proxy_pass https://YYYYYYYY/;
		proxy_set_header Host $host;
		proxy_set_header Referer https://XXXXXXXXXX/;

        proxy_set_header Accept-Encoding "";
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-NginX-Proxy true;
	}

	root /usr/share/nginx/html; # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
	ssl_certificate /root/.certs/nginx.crt;
	ssl_certificate_key /root/.certs/nginx.key;
}