Nginx config for vhost with SSL cert.

tileserver.yaml

server {
 listen 3650; # Port the site will be public on

  server_name some.ip.address; # Change to your servers ip or dns address
  
  # SSL Cert settings
  ssl_certificate           /etc/nginx/cert.crt;
  ssl_certificate_key       /etc/nginx/cert.key;

  ssl on;
  ssl_session_cache  builtin:1000  shared:SSL:10m;
  ssl_protocols SSLv3 TLSv1; #Skip v2 for security reasons.
  ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;
  ssl_prefer_server_ciphers on;
  
  # OPTIONAL: Access and error logs location. I pipe this to elasticsearch using filebeat.
  access_log /var/log/nginx/access.log;
  error_log  /var/log/nginx/error.log info;

 location / {
  # Default proxy settings
  proxy_pass http://localhost:3649; # Localhost port of your service to be forwarded
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;

  # CORS Fix. Replaces headers and allows cross origin from all domains.
  # WARNING: Please do not use this in production. Set the proper access control headers below.
  add_header 'Access-Control-Allow-Origin' '*';
  add_header 'Access-Control-Allow-Credentials' 'true';
  add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
  add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modi$
  add_header 'Access-Control-Max-Age' 3600;
  add_header 'Content-Type' 'text/plain charset=UTF-8';
  add_header 'Content-Length' 0;
     
  if ($request_method = 'OPTIONS') {
    return 204;
  }

 }
}

Used in the article https://alanmk.medium.com/running-kibana-with-a-custom-mapping-service-297ed02ec3de