From 1dea1b56cfdde6319b3909d9d1a56d594cf5e0be Mon Sep 17 00:00:00 2001
From: Nicolas Arenas <narenas@qindel.com>
Date: Mon, 17 Mar 2025 11:19:11 +0100
Subject: [PATCH] Updated default.conf for container, nginx as secure proxypass

---
 docker/default.conf | 38 ++++++++++++++++++++++++--------------
 1 file changed, 24 insertions(+), 14 deletions(-)

diff --git a/docker/default.conf b/docker/default.conf
index d0dd483..f10f718 100644
--- a/docker/default.conf
+++ b/docker/default.conf
@@ -15,21 +15,7 @@ server {
     ssl_certificate /etc/nginx/certs/ogcore.uds-test.net.crt.pem;
     ssl_certificate_key /etc/nginx/certs/ogcore.uds-test.net.key.pem;
 
-     location /mercure/ {
-        proxy_pass http://ogcore-mercure:3000/;
-        proxy_read_timeout 24h;
-        proxy_http_version 1.1;
-        proxy_set_header Connection "";
-        proxy_set_header Host $host:$server_port;
 
-        # Enable fast reply in SSE
-        proxy_buffering off;
-
-        # Forward headers
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Host $host:$server_port;
-        proxy_set_header X-Forwarded-Proto $scheme;
-    }
 
     location /opengnsys/rest/ous// {
         rewrite ^/opengnsys/rest/ous//([0-9]+)/images /opengnsys/rest/ous/$1/images;
@@ -59,3 +45,27 @@ server {
     error_log /var/log/nginx/error.log debug;
     access_log /var/log/nginx/access.log;
 }
+
+server {
+    listen 3000 ssl http2;
+    listen [::]:3000 ssl http2;
+
+
+    ssl_certificate /etc/nginx/certs/ogcore.uds-test.net.crt.pem;
+    ssl_certificate_key /etc/nginx/certs/ogcore.uds-test.net.key.pem;
+
+    location / {
+        proxy_pass http://ogcore-mercure:3000/; 
+        proxy_read_timeout 24h;
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+
+        # Enable fast reply in SSE
+        proxy_buffering off;
+
+        ## Be sure to set USE_FORWARDED_HEADERS=1 to allow the hub to use those headers ##
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
\ No newline at end of file