publik-common/doc/nginx/sites-available/authentic.conf

server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name  ~^connexion.* ~^authentic-.*;
        include snippets/publik-ssl.conf;

        access_log  /var/log/nginx/authentic2-multitenant-access.log combined_full;
        error_log  /var/log/nginx/authentic2-multitenant-error.log;

        location ~ ^/static/(.+)$ {
            root /;
            try_files /var/lib/authentic2-multitenant/tenants/$host/static/$1
                      /var/lib/authentic2-multitenant/tenants/$host/theme/static/$1
                      /var/lib/authentic2-multitenant/collectstatic/$1
                      =404;
        }

        location ~ ^/media/(.+)$ {
            alias /var/lib/authentic2-multitenant/tenants/$host/media/$1;
        }

        location /robots.txt {
            alias /var/lib/authentic2-multitenant/www/robots.txt;
        }

        location / {
            add_header  'Access-Control-Allow-Origin' '*';
            proxy_pass         http://unix:/var/run/authentic2-multitenant/authentic2-multitenant.sock;
            proxy_set_header   Host $http_host;
            proxy_set_header   X-Forwarded-SSL on;
            proxy_set_header   X-Forwarded-Protocol ssl;
            proxy_set_header   X-Forwarded-Proto https;
            proxy_set_header   X-Real-IP       $remote_addr;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;

        }
}