Created
February 27, 2019 06:36
-
-
Save InsanusMokrassar/fcc6e09cebd07e46e8f0fdec234750c4 to your computer and use it in GitHub Desktop.
This gist contains template for Nginx server configuration with ssl and reverse proxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| server_name $HOST_NAME; | |
| ssl_certificate $PATH_TO_PUBLIC_CERTIFICATE_PART; | |
| ssl_certificate_key $PATH_TO_PRIVATE_CERTIFICATE_PART; | |
| listen 443 ssl; | |
| keepalive_timeout 60; | |
| ssl on; | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_ciphers "HIGH:!RC4:!aNULL:!MD5:!kEDH"; | |
| add_header Strict-Transport-Security 'max-age=604800'; | |
| proxy_set_header X-Forwarded-Server $host; | |
| proxy_set_header X-Forwarded-Host $host; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| # set max upload size | |
| client_max_body_size 4000M; | |
| sendfile on; | |
| send_timeout 600s; | |
| proxy_connect_timeout 600; | |
| location /$PROXY_PUBLIC_POSTFIX_ADDRESS { | |
| proxy_pass http://localhost:$PROXY_INNER_PORT; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment