For NGINX it’s a default deny, with only some things permitted.
/api/webhook
/api/websocket
location /api/webhook {
allow all;
include conf.d/proxy.conf;
proxy_pass http://127.0.0.1:8123;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_ignore_client_abort on;
}
location /api/websocket {
allow all;
include conf.d/proxy.conf;
proxy_pass http://127.0.0.1:8123;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_ignore_client_abort on;
}
location / {
satisfy any;
deny all;
}