http_dev.conf

server {
    listen 80;
    server_name 127.0.0.1;

    root /home/disco/discosat_server/app/static;
    index index.html;

    # protect cross-site-scripting
    add_header Content-Security-Policy "script-src 'self'"; 

    location / {
        # path for static files  
        try_files $uri $uri/ =404;
    }

    # proxy all requests to /data, /docs or /jobs to FastAPI 
    location ~ ^/(data/|fixedjobs/|docs/|sensors/|login/|usermanagement/) {
        proxy_set_header Access-Control-Origin *;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_redirect off;
        proxy_buffering off;
        proxy_pass http://0.0.0.0:8000;
    }

    # proxy dash requests to FastAPI and change Content-Security-Policy for scripts to hash of the dash generated
    # inline script, so we dont have to use unsave-inline
    location /dash/ {
        proxy_set_header Access-Control-Origin *;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_redirect off;
        proxy_buffering off;
        proxy_pass http://127.0.0.1:8000;

        # https://github.com/plotly/dash/issues/630 &   https://github.com/plotly/dash-core-components/issues/752
        add_header Content-Security-Policy "
            script-src 'self' 'sha256-jZlsGVOhUAIcH+4PVs7QuGZkthRMgvT2n0ilH6/zTM0='
            'sha256-nSprf64bZrwVRCJAphL0dHZeysya3zSu6qO7CSlTses=';
            ";
    }

}

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

upstream uvicorn {
    server unix:/tmp/uvicorn.sock;
}