nginx.conf

daemon off;
error_log /dev/stdout info;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    access_log /dev/stdout;
    error_log /dev/stderr notice;

    proxy_buffers 16 16k;
    proxy_buffer_size 16k;

    keepalive_timeout  65;
    client_max_body_size 100M;

    server {

        listen 3600;
        server_name _;

        sendfile off;

        root /home/eugen/GitHub/papermerge/AuthServerProj/ui2/dist/;
        index index.html;

        error_page 401 = @auth_server;

        location ~ ^/api(/?)(.*)  {
            auth_request /verify;

            auth_request_set $auth_cookie $upstream_http_set_cookie;
            add_header Set-Cookie $auth_cookie;
            auth_request_set $auth_status $upstream_status;
            proxy_pass http://127.0.0.1:8000/$2$is_args$args;
        }

         location /openapi.json  {
            auth_request /verify;

            auth_request_set $auth_cookie $upstream_http_set_cookie;
            add_header Set-Cookie $auth_cookie;
            auth_request_set $auth_status $upstream_status;
            proxy_pass http://127.0.0.1:8000/openapi.json;
        }

         location ~ ^/ws(/?)(.*)  {
            auth_request /verify;

            auth_request_set $auth_cookie $upstream_http_set_cookie;
            add_header Set-Cookie $auth_cookie;
            auth_request_set $auth_status $upstream_status;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_pass http://127.0.0.1:8000/ws/$2$is_args$args;
        }

        location / {
            auth_request /verify;
            auth_request_set $auth_cookie $upstream_http_set_cookie;
            add_header Set-Cookie $auth_cookie;
            auth_request_set $auth_status $upstream_status;

            proxy_set_header Host $host;
            root /home/eugen/pcore/ui2/dist;
            try_files $uri /app/index.html =404;
        }

        location = /verify {
            internal;
            proxy_pass http://localhost:4010;
            proxy_pass_request_body off;
            proxy_set_header Content-Length "";

            proxy_set_header X-Original-URI $request_uri;
            proxy_set_header X-Original-Remote-Addr $remote_addr;
            proxy_set_header X-Original-Host $host;
        }

        location @auth_server {
            if ($uri ~ /api/(token|auth)) {
                rewrite ^/api/(.*) /$1 break;
                proxy_pass http://localhost:4010;
            }

            if ($uri ~ /api) {
                return 401 "Unauthorized";
            }

            root /home/eugen/GitHub/papermerge/AuthServerProj/ui2/dist/;
            try_files $uri /index.html =404;
        }
    }
}