mingtsay/gov-proxy.rmstudio.tw Secret

## gov-proxy.rmstudio.tw
server {
    include listen_both;
    server_name gov-proxy.rmstudio.tw;

    ssl_certificate /root/.acme.sh/gov-proxy.rmstudio.tw_ecc/fullchain.cer;
    ssl_certificate_key /root/.acme.sh/gov-proxy.rmstudio.tw_ecc/gov-proxy.rmstudio.tw.key;

    underscores_in_headers on;

    location ~ ^/(?<gov_host>(.+?\.)?gov\.tw)(?<gov_query>(/.*)?)$ {
        proxy_set_header Host $gov_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass_request_headers on;
        proxy_ssl_trusted_certificate /etc/nginx/GRCA2.crt;
        proxy_pass https://$gov_host$gov_query;

        more_set_headers 'Access-Control-Allow-Origin: *';
        etag on;

        break;
    }

    location / {
        if ($http_referer ~ ^https://gov-proxy\.rmstudio\.tw/(?<gov_host>(.+?\.)?gov\.tw)/?) {
           return 302 $scheme://$host/$gov_host$request_uri;
        }
        return 403;
    }
}
	server {
	include listen_both;
	server_name gov-proxy.rmstudio.tw;

	ssl_certificate /root/.acme.sh/gov-proxy.rmstudio.tw_ecc/fullchain.cer;
	ssl_certificate_key /root/.acme.sh/gov-proxy.rmstudio.tw_ecc/gov-proxy.rmstudio.tw.key;

	underscores_in_headers on;

	location ~ ^/(?<gov_host>(.+?\.)?gov\.tw)(?<gov_query>(/.*)?)$ {
	proxy_set_header Host $gov_host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $remote_addr;
	proxy_pass_request_headers on;
	proxy_ssl_trusted_certificate /etc/nginx/GRCA2.crt;
	proxy_pass https://$gov_host$gov_query;

	more_set_headers 'Access-Control-Allow-Origin: *';
	etag on;

	break;
	}

	location / {
	if ($http_referer ~ ^https://gov-proxy\.rmstudio\.tw/(?<gov_host>(.+?\.)?gov\.tw)/?) {
	return 302 $scheme://$host/$gov_host$request_uri;
	}
	return 403;
	}
	}