nginx.conf

ssl_session_cache shared:sslcache:50m;
ssl_session_timeout 30m;
ssl_dhparam /etc/ssl/dhparam/jmap-proxy.local.dhparam;

server {
	listen      80;
	server_name jmap-proxy.local;
	location / {
		rewrite ^/$ https://jmap-proxy.local/ redirect;
	}
}

server {
	listen 443;

	ssl                 on;
	ssl_certificate     /etc/ssl/certs/jmap-proxy.local.publiccert;
	ssl_certificate_key /etc/ssl/private/jmap-proxy.local.privatekey;

	ssl_prefer_server_ciphers on;
	ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers               EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:HIGH:!aNULL:!eNULL:!LOW:!DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED;

	root  /home/jmap/jmap-perl/htdocs/;
	index index.html index.htm;

	server_name jmap-proxy.local;

	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		try_files $uri $uri/ /index.html;
	}

	location = / {
		if ( $request_method = 'OPTIONS' ) {
			add_header 'Access-Control-Allow-Origin' '*';

			# -D GAPING_SECURITY_HOLE
			add_header 'Access-Control-Allow-Headers' $http_access_control_request_headers;
			add_header 'Access-Control-Allow-Methods' 'POST, GET, OPTIONS';
			add_header 'Access-Control-Max-Age'       600;
			add_header 'Content-Type'                 'text/plain; charset=UTF-8';
			add_header 'Content-Length'               0;

			return 204;
		}

		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		proxy_pass http://127.0.0.1:9000/home;
	}

	location /events/ {
		if ( $request_method = 'OPTIONS' ) {
			add_header 'Access-Control-Allow-Origin' '*';

			# -D GAPING_SECURITY_HOLE
			add_header 'Access-Control-Allow-Headers' $http_access_control_request_headers;
			add_header 'Access-Control-Allow-Methods' 'POST, GET, OPTIONS';
			add_header 'Access-Control-Max-Age'       600;
			add_header 'Content-Type'                 'text/plain; charset=UTF-8';
			add_header 'Content-Length'               0;

			return 204;
		}

		# Immediately send backend responses back to client
		proxy_buffering off;

		# Disable keepalive to browser
		keepalive_timeout 0;

		# It's a long lived backend connection with potentially a long time between
		# push events, make sure proxy doesn't timeout
		proxy_read_timeout 7200;

		proxy_pass http://127.0.0.1:9001/events/;
	}

	location /files/ {
		proxy_pass http://127.0.0.1:9000/files/;
	}

	location /jmap/ {
		if ( $request_method = 'OPTIONS' ) {
			add_header 'Access-Control-Allow-Origin' '*';

			# -D GAPING_SECURITY_HOLE
			add_header 'Access-Control-Allow-Headers' $http_access_control_request_headers;
			add_header 'Access-Control-Allow-Methods' 'POST, GET, OPTIONS';
			add_header 'Access-Control-Max-Age' 600;
			add_header 'Content-Type' 'text/plain; charset=UTF-8';
			add_header 'Content-Length' 0;

			return 204;
		}

		proxy_pass http://127.0.0.1:9000/jmap/;
	}

	location /upload/ {
		if ( $request_method = 'OPTIONS' ) {
			add_header 'Access-Control-Allow-Origin' '*';

			# -D GAPING_SECURITY_HOLE
			add_header 'Access-Control-Allow-Headers' $http_access_control_request_headers;
			add_header 'Access-Control-Allow-Methods' 'POST, GET, OPTIONS';
			add_header 'Access-Control-Max-Age' 600;
			add_header 'Content-Length' 0;
			add_header 'Content-Type' 'text/plain; charset=UTF-8';

			return 204;
		}

		add_header 'Access-Control-Allow-Origin' '*';

		proxy_pass http://127.0.0.1:9000/upload/;
	}

	location /raw/ {
		proxy_pass http://127.0.0.1:9000/raw/;
	}

	location /A {
		proxy_pass http://127.0.0.1:9000/A;
	}

	location /J {
		proxy_pass http://127.0.0.1:9000/J;
	}

	location /U {
		proxy_pass http://127.0.0.1:9000/U;
	}

	location /register {
		proxy_pass http://127.0.0.1:9000/register;
	}

	location /proxy {
		proxy_pass http://127.0.0.1:9000/proxy;
	}

	location /signup {
		proxy_pass http://127.0.0.1:9000/signup;
	}

	location /delete {
		proxy_pass http://127.0.0.1:9000/delete;
	}

	location /cb {
		proxy_pass http://127.0.0.1:9000/cb;
	}
}