folkcode/nginx_storage_spray.conf

## nginx_storage_spray.conf
server {
    listen       443 ssl;
    server_name  hostname;

    ssl                  on;
    ssl_certificate      /etc/nginx/ssl_certs/hostname.bndl.crt;
    ssl_certificate_key  /etc/nginx/ssl_certs/hostname.key;

    ssl_session_timeout  5m;

    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    charset utf8;

    access_log  /var/log/nginx/hostname.access.log  main;
    error_log  /var/log/nginx/hostname.error.log debug;

    location @cors_response {
        more_set_headers "Access-Control-Allow-Origin: $http_origin";
        more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS, DELETE, PUT';
        more_set_headers 'Access-Control-Allow-Credentials: true';
        more_set_headers "Access-Control-Allow-Headers: $http_access_control_request_headers";
        more_set_headers 'Access-Control-Max-Age: 2592000';
        return 204;
    }

    error_page 419 = @cors_response;

    set $cors "";

    if ($http_origin = "https://origin_hostname") {
        set $cors "true";
    }

    if ($request_method = OPTIONS) {
        set $cors "${cors}options";
    }

    if ($cors = "trueoptions") {
        return 419;
    }

    location ~* ^/avatars/(.+)$ {
        root  /data/filestorage/avatars;

        more_set_headers "Access-Control-Allow-Origin: https://origin_hostname";
        more_set_headers 'Access-Control-Allow-Credentials: true';

        try_files /$1.jpeg /$1.jpg /$1.gif /$1.png @filestorage;
    }

    location / {
        error_page 418 = @filestorage; return 418;
    }

    location @filestorage {
        rewrite ^/v1.0/(.+)$ /filestorage/$1 break;

        more_set_headers "Access-Control-Allow-Origin: $http_origin";
        more_set_headers 'Access-Control-Allow-Credentials: true';

        proxy_pass   http://backend;
        proxy_redirect     off;

        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    }
}
	server {
	listen 443 ssl;
	server_name hostname;

	ssl on;
	ssl_certificate /etc/nginx/ssl_certs/hostname.bndl.crt;
	ssl_certificate_key /etc/nginx/ssl_certs/hostname.key;

	ssl_session_timeout 5m;

	ssl_protocols SSLv2 SSLv3 TLSv1;
	ssl_ciphers HIGH:!aNULL:!MD5;
	ssl_prefer_server_ciphers on;

	charset utf8;

	access_log /var/log/nginx/hostname.access.log main;
	error_log /var/log/nginx/hostname.error.log debug;

	location @cors_response {
	more_set_headers "Access-Control-Allow-Origin: $http_origin";
	more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS, DELETE, PUT';
	more_set_headers 'Access-Control-Allow-Credentials: true';
	more_set_headers "Access-Control-Allow-Headers: $http_access_control_request_headers";
	more_set_headers 'Access-Control-Max-Age: 2592000';
	return 204;
	}

	error_page 419 = @cors_response;

	set $cors "";

	if ($http_origin = "https://origin_hostname") {
	set $cors "true";
	}

	if ($request_method = OPTIONS) {
	set $cors "${cors}options";
	}

	if ($cors = "trueoptions") {
	return 419;
	}

	location ~* ^/avatars/(.+)$ {
	root /data/filestorage/avatars;

	more_set_headers "Access-Control-Allow-Origin: https://origin_hostname";
	more_set_headers 'Access-Control-Allow-Credentials: true';

	try_files /$1.jpeg /$1.jpg /$1.gif /$1.png @filestorage;
	}

	location / {
	error_page 418 = @filestorage; return 418;
	}

	location @filestorage {
	rewrite ^/v1.0/(.+)$ /filestorage/$1 break;

	more_set_headers "Access-Control-Allow-Origin: $http_origin";
	more_set_headers 'Access-Control-Allow-Credentials: true';

	proxy_pass http://backend;
	proxy_redirect off;

	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}
	}