@drumee/setup-infra 1.0.14 → 1.0.16

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@drumee/setup-infra",
-  "version": "1.0.14",
+  "version": "1.0.16",
   "description": "Drumee Infrastructure Setup Utilities",
   "main": "index.js",
   "scripts": {
@@ -17,7 +17,7 @@
   "author": "Somanos Sar <somanos@drumee.com>",
   "license": "AGPL V3",
   "dependencies": {
-    "@drumee/server-essentials": "^1.1.31",
+    "@drumee/server-essentials": "^1.1.26",
     "argparse": "^2.0.1",
     "crypto": "^1.0.1",
     "jsonfile": "^5.0.0",

package/templates/etc/bind/named.conf.local

@@ -0,0 +1,39 @@
+//
+// Configs setup by Drumee setup-infra utility
+//
+
+include "/etc/bind/named.conf.log";
+include "<%= nsupdate_key %>";
+<% if (typeof(public_domain) !== "undefined" && public_domain != "" ) { %>
+zone "<%= public_domain %>" {
+    type master;
+    file "/var/lib/bind/<%= public_domain %>";
+    allow-query { any; };
+    allow-update { key "update"; };
+    allow-transfer { <%= public_ip4 %>; };
+};
+<% } %>
+<% if (typeof(reverse_public_ip4) !== "undefined" && reverse_public_ip4 != "" ) { %>
+zone "<%= reverse_public_ip4 %>.in-addr.arpa" {
+    type master;
+    file "/var/lib/bind/<%= reverse_public_ip4 %>";
+    allow-query { any; };
+};
+<% } %>
+
+<% if (typeof(private_domain) !== "undefined" && private_domain != "" ) { %>
+zone "<%= private_domain %>" {
+    type master;
+    file "/var/lib/bind/<%= private_domain %>";
+    allow-query { any; };
+    allow-update { key "update"; };
+    allow-transfer { <%= private_ip4 %>; };
+};
+<% } %>
+<% if (typeof(reverse_private_ip4) !== "undefined" && reverse_private_ip4 != "" ) { %>
+zone "<%= reverse_private_ip4 %>.in-addr.arpa" {
+    type master;
+    file "/var/lib/bind/<%= private_ip4 %>";
+    allow-query { any; };
+};
+<% } %>

package/templates/etc/bind/named.conf.options

@@ -14,20 +14,29 @@ options {
 	// If BIND logs error messages about the root key being expired,
 	// you will need to update your keys.  See https://www.isc.org/bind-keys
 	//============================================================
-	dnssec-validation auto;
-
-	listen-on-v6 { any; };
 
 	// hide version number from clients for security reasons.
 	version "not currently available";
 
     // allow recursion for trusted clients only.
-    recursion yes;
     allow-query { <%= allow_recursion %> };
 
+    recursion yes;
+    allow-recursion { ::/0; 0.0.0.0/0; };
+
 	// enable the query log
 	querylog yes;
 
 	// disallow zone transfer
 	allow-transfer { none; };
+
+	forwarders {
+        8.8.8.8;
+        8.8.4.4;
+	};
+
+    dnssec-validation no;
+    auth-nxdomain no;    # conform to RFC1035
+    listen-on-v6 { any; };
+
 };

package/templates/etc/dhcp/dhclient.conf

@@ -0,0 +1,55 @@
+# Configuration file for /sbin/dhclient.
+#
+# This is a sample configuration file for dhclient. See dhclient.conf's
+#	man page for more information about the syntax of this file
+#	and a more comprehensive list of the parameters understood by
+#	dhclient.
+#
+# Normally, if the DHCP server provides reasonable information and does
+#	not leave anything out (like the domain name, for example), then
+#	few changes must be made to this file, if any.
+#
+
+option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
+
+send host-name = gethostname();
+request subnet-mask, broadcast-address, time-offset, routers,
+	domain-name, domain-name-servers, domain-search, host-name,
+	dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
+	netbios-name-servers, netbios-scope, interface-mtu,
+	rfc3442-classless-static-routes, ntp-servers;
+
+#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
+#send dhcp-lease-time 3600;
+#supersede domain-name "fugue.com home.vix.com";
+prepend domain-name-servers <%= private_ip4 %>;
+#require subnet-mask, domain-name-servers;
+#timeout 60;
+#retry 60;
+#reboot 10;
+#select-timeout 5;
+#initial-interval 2;
+#script "/sbin/dhclient-script";
+#media "-link0 -link1 -link2", "link0 link1";
+#reject 192.33.137.209;
+
+
+#alias {
+#  interface "eth0";
+#  fixed-address 192.168.0.195;
+#  option subnet-mask 255.255.255.0;
+#}
+
+lease {
+  interface "<%= private_if4 %>";
+  fixed-address <%= private_ip4 %>;
+#  medium "link0 link1";
+#  option host-name "andare.swiftmedia.com";
+  option subnet-mask <%= private_subnet_mask %>;
+  option broadcast-address <%= private_broadcast_address %>;
+#  option routers 192.33.137.250;
+#  option domain-name-servers 127.0.0.1;
+#  renew 2 2000/1/12 00:00:01;
+#  rebind 2 2000/1/12 00:00:01;
+#  expire 2 2000/1/12 00:00:01;
+}

package/templates/etc/drumee/certs/jitsi.private.cnf

@@ -0,0 +1,13 @@
+[ req ]
+default_bits        = 2048
+prompt              = no
+default_md          = sha256
+distinguished_name  = dn
+
+[ dn ]
+C  = XX
+ST = YourState
+L  = YourCity
+O  = Drumee Web OO
+OU = Drumee Conferennce Services
+CN = *.<%= jitsi_private_domain %>

package/templates/etc/drumee/certs/private.cnf

@@ -0,0 +1,13 @@
+[ req ]
+default_bits        = 2048
+prompt              = no
+default_md          = sha256
+distinguished_name  = dn
+
+[ dn ]
+C  = XX
+ST = YourState
+L  = YourCity
+O  = Drumee Web OS
+OU = Drumee API services
+CN = *.<%= private_domain %>

package/templates/etc/drumee/conf.d/conference.private.json

@@ -0,0 +1,9 @@
+{
+  "domain": "<%= jitsi_private_domain %>",
+  "hosts": {
+    "domain": "<%= jitsi_private_domain %>",
+    "muc": "conference.<%= jitsi_private_domain %>"
+  },
+  "bosh": "https://<%= jitsi_private_domain %>/http-bind",
+  "auth": ["<%= app_id %>", "<%= app_password %>"]
+}

package/templates/etc/drumee/conf.d/conference.public.json

@@ -0,0 +1,9 @@
+{
+  "domain": "<%= jitsi_public_domain %>",
+  "hosts": {
+    "domain": "<%= jitsi_public_domain %>",
+    "muc": "conference.<%= jitsi_public_domain %>"
+  },
+  "bosh": "https://<%= jitsi_public_domain %>/http-bind",
+  "auth": ["<%= app_id %>", "<%= app_password %>"]
+}

package/templates/etc/drumee/conf.d/myDrumee.json.tpl

@@ -8,7 +8,8 @@
     "ru",
     "zh"
   ],
-  "verbosity": 2,
+  "verbosity": <%= logLevel %>,
+  "logLevel": <%= logLevel %>,
   "useEmail":<%= use_email %>,
   "quota": {
     "watermark": "<%= quota_watermark %>"

package/templates/etc/drumee/drumee.sh.tpl

@@ -5,6 +5,9 @@
 # -------------------------------------------------------------
 
 export CERTS_DIR=<%= certs_dir %>
+if [ -d "$OWN_CERTS_DIR" ]; then
+  export ACME_DIR="$OWN_CERTS_DIR"
+fi
 
 <% if (typeof(public_domain) !== "undefined" && public_domain != "" ) { %>
 export ACME_CA_SERVER=<%= ca_server %>
@@ -13,11 +16,25 @@ export ACME_EMAIL_ACCOUNT=<%= acme_email_account %>
 export ACME_STORE=<%= certs_dir %>/<%= public_domain %>_ecc
 export NSUPDATE_SERVER=ns1.<%= public_domain %>
 export NSUPDATE_ZONE=<%= public_domain %>
-export DRUMEE_PUBLIC_DOMAIN=<%= public_domain %>
+export PUBLIC_DOMAIN=<%= public_domain %>
+export DRUMEE_DOMAIN_NAME=<%= public_domain %>
 <% } %>
 
-<% if (typeof(jitsi_domain) !== "undefined" && jitsi_domain != "" ) { %>
-export JITSI_DOMAIN=<%= jitsi_domain %>
+<% if (typeof(private_domain) !== "undefined" && private_domain != "" ) { %>
+export ACME_STORE=<%= certs_dir %>/<%= private_domain %>_ecc
+export PRIVATE_DOMAIN=<%= private_domain %>
+<% if (typeof(public_domain) === "undefined" || public_domain == "" ) { %>
+export DRUMEE_DOMAIN_NAME=<%= private_domain %>
+<% } %>
+
+<% } %>
+
+<% if (/^jit\.(.+)$/.test(jitsi_public_domain)) { %>
+export JITSI_DOMAIN=<%= jitsi_public_domain %>
+#jitsi_public_domain |<%= jitsi_public_domain %>|<%= typeof(jitsi_public_domain) %>|
+<% } else if (/^jit\.(.+)$/.test(jitsi_private_domain)) { %>
+#jitsi_private_domain
+export JITSI_DOMAIN=<%= jitsi_private_domain %>
 <% } %>
 
 export APP_ROUTING_MARK=<%= public_ui_root %>
@@ -26,25 +43,23 @@ export NSUPDATE_KEY=<%= nsupdate_key %>
 export DRUMEE_DB_DIR=<%= db_dir %>
 export DRUMEE_CACHE_DIR=<%= cache_dir %>
 export DRUMEE_DATA_DIR=<%= data_dir %>
-export DRUMEE_TMP_DIR=$DRUMEE_DATA_DIR/tmp
-export DRUMEE_MFS_DIR=$DRUMEE_DATA_DIR/mfs
 export DRUMEE_EXPORT_DIR=<%= export_dir %>
 export DRUMEE_IMPORT_DIR=<%= import_dir %>
 export DRUMEE_LOG_DIR=<%= log_dir %>
-export DRUMEE_ROOT=<%= drumee_root %>
-export DRUMEE_RUNTIME_DIR=$DRUMEE_ROOT/runtime
-export DRUMEE_STATIC_DIR=$DRUMEE_ROOT/static
-export DRUMEE_UI_HOME=$DRUMEE_RUNTIME_DIR/ui
-export DRUMEE_SERVER_HOME=$DRUMEE_RUNTIME_DIR/server
-export DRUMEE_SCHEMAS_DIR=$DRUMEE_SERVER_HOME/schemas
-export DRUMEE_SERVER_NODE=$DRUMEE_SERVER_HOME/node_modules
+export DRUMEE_MFS_DIR=<%= data_dir %>/mfs
+export DRUMEE_ROOT='/srv/drumee'
+export DRUMEE_RUNTIME_DIR=<%= runtime_dir %>
+export DRUMEE_SCHEMAS_DIR=<%= runtime_dir %>/server/schemas
+export DRUMEE_SERVER_HOME=<%= server_dir %>
+export DRUMEE_SERVER_MAIN=<%= server_location %>
+export DRUMEE_SERVER_NODE=<%= server_location %>/node_modules
+export DRUMEE_STATIC_DIR=<%= static_dir %>
 export DRUMEE_SYSTEM_GROUP=<%= system_group %>
 export DRUMEE_SYSTEM_USER=<%= system_user %>
+export DRUMEE_TMP_DIR=<%= data_dir %>/tmp
+export DRUMEE_UI_HOME=<%= runtime_dir %>/ui
 export DRUMEE_BACKUP_STORAGE=<%= backup_storage %>
 export DRUMEE_DB_BACKUP=<%= backup_storage %>/db
-export OWN_CERTS_DIR=<%= own_certs_dir %>
 export PUBLIC_UI_ROOT=<%= public_ui_root %>
-
-if [ -d "$OWN_CERTS_DIR" ]; then
-  export ACME_DIR="$OWN_CERTS_DIR"
-fi
+export PUBLIC_HTTP_PORT=<%= public_http_port %>
+export PUBLIC_HTTPS_PORT=<%= public_https_port %>

package/templates/etc/drumee/infrastructure/internals/accel.private.conf.tpl

@@ -0,0 +1,47 @@
+# -------------------------------------------------------------
+# ! DO NOT EDIT !
+# Config file automatically generated by <setup-infra>
+# Date : <%= date %>
+# -------------------------------------------------------------
+
+location /mfs/ {
+  gzip off;
+  internal;
+  add_header Cache-Control max-age=31536000;
+  add_header Content-Encoding $upstream_http_content_encoding;
+  add_header Access-Control-Allow-Origin <%= private_domain %>;
+  alias <%= data_dir %>/mfs/;
+}
+
+location /accel/ {
+  gzip off;
+  internal;
+  add_header Cache-Control max-age=31536000;
+  add_header Content-Encoding $upstream_http_content_encoding;
+  add_header Access-Control-Allow-Origin *;
+  alias <%= static_dir %>/;
+}
+
+location /-/static/ {
+  gzip off;
+  add_header Cache-Control max-age=31536000;
+  add_header Content-Encoding $upstream_http_content_encoding;
+  add_header Access-Control-Allow-Origin *;
+  alias <%= static_dir %>/;
+}
+
+location /-/images/ {
+  gzip off;
+  add_header Cache-Control max-age=31536000;
+  add_header Content-Encoding $upstream_http_content_encoding;
+  add_header Access-Control-Allow-Origin *;
+  alias <%= static_dir %>/images/;
+}
+
+location /-/fonts/ {
+  gzip off;
+  add_header Cache-Control max-age=31536000;
+  add_header Content-Encoding $upstream_http_content_encoding;
+  add_header Access-Control-Allow-Origin *;
+  alias <%= static_dir %>/fonts/;
+}

package/templates/etc/drumee/infrastructure/internals/{accel.conf.tpl → accel.public.conf.tpl}

@@ -9,7 +9,7 @@ location /mfs/ {
   internal;
   add_header Cache-Control max-age=31536000;
   add_header Content-Encoding $upstream_http_content_encoding;
-  add_header Access-Control-Allow-Origin <%= domain %>;
+  add_header Access-Control-Allow-Origin <%= public_domain %>;
   alias <%= data_dir %>/mfs/;
 }
 

package/templates/etc/drumee/infrastructure/{platform.json.tpl → mfs.private.conf.tpl}

@@ -5,12 +5,12 @@
 # -------------------------------------------------------------
 
 location / {
-  location ~ (.+)\.(.+)$ {
-    #expires 7d;
+  index /-/;
+
+  location ~ (.+)$ {
     add_header Cache-Control max-age=31536000;
-    #add_header Vary "Accept-Encoding";
     fastcgi_hide_header Set-Cookie;
-    add_header Access-Control-Allow-Origin <%= domain %>;
-    rewrite /(.+)$ <%= public_ui_root %>/service/?service=media.raw&p=$1&d=inline;
+    add_header Access-Control-Allow-Origin <%= private_domain %>;
+    rewrite /(.+)$ <%= public_ui_root %>/svc/media.raw?p=/$1&d=inline;
   }
 }

package/templates/etc/drumee/infrastructure/{mfs.conf.tpl → mfs.public.conf.tpl}

@@ -10,7 +10,7 @@ location / {
   location ~ (.+)$ {
     add_header Cache-Control max-age=31536000;
     fastcgi_hide_header Set-Cookie;
-    add_header Access-Control-Allow-Origin <%= domain %>;
+    add_header Access-Control-Allow-Origin <%= public_domain %>;
     rewrite /(.+)$ <%= public_ui_root %>/svc/media.raw?p=/$1&d=inline;
   }
 }

package/templates/etc/drumee/infrastructure/routes/private.conf.tpl

@@ -0,0 +1,143 @@
+# -------------------------------------------------------------
+# ! DO NOT EDIT !
+# Config file automatically generated by <setup-infra>
+# Date : <%= date %>
+# -------------------------------------------------------------
+
+
+location <%= location %>app/ {
+  alias <%= ui_location %>/app/;
+  add_header Cache-Control max-age=31536000;
+  add_header Access-Control-Allow-Origin <%= private_domain %>;
+  fastcgi_hide_header Set-Cookie;
+  break;
+}
+
+# Frontend application assets
+location <%= location %>api/ {
+  alias <%= ui_location %>/api/;
+  add_header Cache-Control max-age=31536000;
+  add_header Access-Control-Allow-Origin <%= private_domain %>;
+  fastcgi_hide_header Set-Cookie;
+  break;
+}
+
+# Frontend application assets
+location <%= location %>plugins/ {
+  alias <%= ui_location %>/plugins/;
+  add_header Cache-Control max-age=31536000;
+  add_header Access-Control-Allow-Origin <%= private_domain %>;
+  fastcgi_hide_header Set-Cookie;
+  break;
+}
+
+
+# Frontend application templates
+location <%= location %>bb-templates/ {
+  alias  <%= ui_location %>/bb-templates/;
+  add_header Cache-Control max-age=31536000;
+  add_header Access-Control-Allow-Origin *;
+  fastcgi_hide_header Set-Cookie;
+  break;
+}
+
+
+location <%= location %> {
+  fastcgi_hide_header Set-Cookie;
+  add_header Cache-Control max-age=31536000;
+
+  location ~ /(svc|vdo|service)/ {
+    proxy_pass http://127.0.0.1:<%= restPort %>;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection 'upgrade';
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Real-IP       $remote_addr;
+    proxy_set_header X-Connecting-IP $remote_addr;
+    proxy_set_header Host       	$host;
+    add_header Vary "Accept-Encoding";
+    fastcgi_hide_header Set-Cookie;
+    break;
+  }
+
+  location ~ /(ws|websocket)/ {
+    proxy_pass http://127.0.0.1:<%= pushPort %>;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection 'upgrade';
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Real-IP       $remote_addr;
+    proxy_set_header X-Connecting-IP $remote_addr;
+    proxy_set_header Host       	$host;
+    add_header Vary "Accept-Encoding";
+    fastcgi_hide_header Set-Cookie;
+    break;
+  }
+
+#------------ parts/apis ------------
+  location ~ /file/(.+)/(.*)$ {
+    fastcgi_hide_header Set-Cookie;
+    rewrite /file/(.+)/(.+)/(.+)\.(.*)$ /-/svc/media.$1?nid=$2&hub_id=$3 last;
+    rewrite /file/(.+)/(.+)/(.+)/(.*)$ /-/svc/media.$1?nid=$2&hub_id=$3 last;
+    rewrite /file/(.+)/(.+)/(.+)$ /-/svc/media.$1?nid=$2&hub_id=$3 last;
+    rewrite /file/(.+)/(.+)\.(.+)$ /-/svc/media.$1?nid=$2 last;
+    rewrite /file/(.+)/(.+)$ /-/svc/media.$1?nid=$2 last;
+    break;
+  }
+
+
+  location ~ /doc/(.+)/(.*)$ {
+    add_header Cache-Control max-age=31536000;
+    fastcgi_hide_header Set-Cookie;
+    rewrite /doc/(.+)/(.+)/(.+)\.(.*)$ /-/svc/media.read?page=$1&nid=$2&hub_id=$3 last;
+    rewrite /doc/(.+)/(.+)/(.+)$ /-/svc/media.read?page=$1&nid=$2&hub_id=$3 last;
+    rewrite /doc/(.+)/(.+)\.(.+)$ /-/svc/media.read?page=$1&nid=$2 last;
+    rewrite /doc/(.+)/(.+)$ /-/svc/media.read?page=$1&nid=$2 last;
+    break;
+  }
+
+  location ~ /letc/(.+)$ {
+    add_header Cache-Control max-age=31536000;
+    fastcgi_hide_header Set-Cookie;
+    rewrite /letc/(.+)\@(.+)$ /-/svc/block.content?hashtag=$1&owner=$2 last;
+    rewrite /letc/(.+)/(.+)$ /-/svc/block.content?hashtag=$1&owner=$2 last;
+    rewrite /letc/(.+)$ /-/svc/block.content?hashtag=$1 last;
+    break;
+  }
+
+
+  location ~ /avatar/(.+)$ {
+    add_header Pragma public;
+    add_header Cache-Control max-age=31536000;
+    fastcgi_hide_header Set-Cookie;
+    add_header Access-Control-Allow-Origin <%= private_domain %>;
+    rewrite /avatar/(.+)$ /-/svc/yp.avatar?id=$1 last;
+    break;
+  }
+
+  location ~ (.+)\.(.+)$ {
+    fastcgi_hide_header Set-Cookie;
+    add_header Cache-Control max-age=31536000;
+    add_header Access-Control-Allow-Origin <%= private_domain %>;
+    rewrite /somanos/(.+)$ /-/svc/media.raw&p=$1&d=inline;
+    break;
+  }
+
+
+#------------ parts/index ------------
+  location ~ (/|)$ {
+    proxy_pass http://127.0.0.1:<%= pushPort %>;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection 'upgrade';
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Real-IP       $remote_addr;
+    proxy_set_header X-Connecting-IP $remote_addr;
+    proxy_set_header Host       	$host;
+    proxy_set_header Referer       	$http_referer;
+    add_header Access-Control-Allow-Credentials true;
+    add_header Vary "Accept-Encoding";
+    fastcgi_hide_header Set-Cookie;
+  }
+
+}

package/templates/etc/drumee/infrastructure/routes/{main.conf.tpl → public.conf.tpl}

@@ -6,28 +6,27 @@
 
 
 location <%= location %>app/ {
-  alias <%= drumee_root %>/runtime/ui/<%= endpoint_name %>/app/;
+  alias <%= ui_location %>/app/;
   add_header Cache-Control max-age=31536000;
-  add_header Access-Control-Allow-Origin <%= domain %>;
+  add_header Access-Control-Allow-Origin <%= public_domain %>;
   fastcgi_hide_header Set-Cookie;
   break;
 }
 
 # Frontend application assets
 location <%= location %>api/ {
-  alias <%= drumee_root %>/runtime/ui/<%= endpoint_name %>/api/;
+  alias <%= ui_location %>/api/;
   add_header Cache-Control max-age=31536000;
-  add_header Access-Control-Allow-Origin <%= domain %>;
+  add_header Access-Control-Allow-Origin <%= public_domain %>;
   fastcgi_hide_header Set-Cookie;
   break;
 }
 
 # Frontend application assets
-location 
-plugins/ {
-  alias <%= drumee_root %>/runtime/ui/<%= endpoint_name %>/plugins/;
+location <%= location %>plugins/ {
+  alias <%= ui_location %>/plugins/;
   add_header Cache-Control max-age=31536000;
-  add_header Access-Control-Allow-Origin <%= domain %>;
+  add_header Access-Control-Allow-Origin <%= public_domain %>;
   fastcgi_hide_header Set-Cookie;
   break;
 }
@@ -35,7 +34,7 @@ plugins/ {
 
 # Frontend application templates
 location <%= location %>bb-templates/ {
-  alias  <%= drumee_root %>/runtime/ui/<%= endpoint_name %>/bb-templates/;
+  alias  <%= ui_location %>/bb-templates/;
   add_header Cache-Control max-age=31536000;
   add_header Access-Control-Allow-Origin *;
   fastcgi_hide_header Set-Cookie;
@@ -53,12 +52,9 @@ location <%= location %> {
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection 'upgrade';
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Real-IP       $remote_addr;
     proxy_set_header X-Connecting-IP $remote_addr;
-    proxy_set_header X-Forwarded-Proto $scheme;
-    proxy_set_header Host $host;
-    proxy_set_header X-Forwarded-Port $server_port;  # The port Nginx is listening on
-    proxy_set_header X-Original-Port $http_host;
+    proxy_set_header Host       	$host;
     add_header Vary "Accept-Encoding";
     fastcgi_hide_header Set-Cookie;
     break;
@@ -70,12 +66,9 @@ location <%= location %> {
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection 'upgrade';
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Real-IP       $remote_addr;
     proxy_set_header X-Connecting-IP $remote_addr;
-    proxy_set_header X-Forwarded-Proto $scheme;
-    proxy_set_header Host $host;
-    proxy_set_header X-Forwarded-Port $server_port;  # The port Nginx is listening on
-    proxy_set_header X-Original-Port $http_host;
+    proxy_set_header Host       	$host;
     add_header Vary "Accept-Encoding";
     fastcgi_hide_header Set-Cookie;
     break;
@@ -117,7 +110,7 @@ location <%= location %> {
     add_header Pragma public;
     add_header Cache-Control max-age=31536000;
     fastcgi_hide_header Set-Cookie;
-    add_header Access-Control-Allow-Origin <%= domain %>;
+    add_header Access-Control-Allow-Origin <%= public_domain %>;
     rewrite /avatar/(.+)$ /-/svc/yp.avatar?id=$1 last;
     break;
   }
@@ -125,8 +118,8 @@ location <%= location %> {
   location ~ (.+)\.(.+)$ {
     fastcgi_hide_header Set-Cookie;
     add_header Cache-Control max-age=31536000;
-    add_header Access-Control-Allow-Origin <%= domain %>;
-    rewrite /<%= endpoint_name %>/(.+)$ /-/svc/media.raw&p=$1&d=inline;
+    add_header Access-Control-Allow-Origin <%= public_domain %>;
+    rewrite /somanos/(.+)$ /-/svc/media.raw&p=$1&d=inline;
     break;
   }
 
@@ -138,13 +131,10 @@ location <%= location %> {
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection 'upgrade';
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Real-IP       $remote_addr;
     proxy_set_header X-Connecting-IP $remote_addr;
-    proxy_set_header Host $host;
-    proxy_set_header X-Forwarded-Port $server_port;  # The port Nginx is listening on
-    proxy_set_header X-Original-Port $http_host;
-    proxy_set_header Referer $http_referer;
-    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Host       	$host;
+    proxy_set_header Referer       	$http_referer;
     add_header Access-Control-Allow-Credentials true;
     add_header Vary "Accept-Encoding";
     fastcgi_hide_header Set-Cookie;