server { listen 8080; server_name localhost; # Root set to okta-auth directory to serve iframe-oauth-flow.html # UPDATE THIS PATH: Replace with your actual project path + /okta-auth root /path/to/your/AgentCore/okta-auth; index iframe-oauth-flow.html; # Security headers for OIDC add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always; # CORS headers for Okta integration add_header Access-Control-Allow-Origin "https://*.okta.com" always; add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always; add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept" always; add_header Access-Control-Allow-Credentials "true" always; # Main location - serve iframe-oauth-flow.html location / { try_files $uri $uri/ =404; # Cache static assets location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ { expires 1y; add_header Cache-Control "public, immutable"; } } # Location block for okta-auth route location /okta-auth { # UPDATE THIS PATH: Replace with your actual project path + /okta-auth alias /path/to/your/AgentCore/okta-auth; try_files $uri $uri/ /okta-auth/iframe-oauth-flow.html; # Set index for this location location = /okta-auth { return 301 /okta-auth/; } location = /okta-auth/ { try_files /iframe-oauth-flow.html =404; } } # Health check location /health { access_log off; return 200 "healthy\n"; add_header Content-Type text/plain; } # Error pages error_page 404 /404.html; error_page 500 502 503 504 /50x.html; location = /404.html { root /usr/share/nginx/html; } location = /50x.html { root /usr/share/nginx/html; } # Logging access_log /var/log/nginx/okta-local.access.log; error_log /var/log/nginx/okta-local.error.log; }