Rebolon/nginx as a proxy for meteor

## nginx as a proxy for meteor
# first generate your self-signed certificates : openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ssl/nginx.key -out ssl/nginx.crt
# and put them in nginx/ssl folder

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;


	server {
		### server port and name ###
			listen          0.0.0.0:443;
		ssl 		on;
			server_name     nixcraft.in;

		### SSL log files ###
			access_log      logs/ssl-access.log;
			error_log       logs/ssl-error.log;

		### SSL cert files ###
			ssl_certificate      ../ssl/nginx.crt;
			ssl_certificate_key  ../ssl/nginx.key;

		### Add SSL specific settings here ###


		ssl_protocols        SSLv3 TLSv1 TLSv1.1 TLSv1.2;
		ssl_ciphers RC4:HIGH:!aNULL:!MD5;
			ssl_prefer_server_ciphers on;
			keepalive_timeout    60;
		ssl_session_cache    shared:SSL:10m;
			ssl_session_timeout  10m;

		### We want full access to SSL via backend ###
			location / {
				proxy_pass  http://127.0.0.1:3000;

			### force timeouts if one of backend is died ##
				proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

			### Set headers ####
					proxy_set_header        Accept-Encoding   "";
				proxy_set_header        Host            $host;
				proxy_set_header        X-Real-IP       $remote_addr;
				proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

			### Most PHP, Python, Rails, Java App can use this header ###
			#proxy_set_header X-Forwarded-Proto https;##
			#This is better##
				proxy_set_header        X-Forwarded-Proto $scheme;
			add_header              Front-End-Https   on;


			### By default we don't want to redirect it ####
				proxy_redirect     off;
			}
	}
}
	# first generate your self-signed certificates : openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ssl/nginx.key -out ssl/nginx.crt
	# and put them in nginx/ssl folder

	worker_processes 1;

	events {
	worker_connections 1024;
	}

	http {
	include mime.types;
	default_type application/octet-stream;

	#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	# '$status $body_bytes_sent "$http_referer" '
	# '"$http_user_agent" "$http_x_forwarded_for"';

	#access_log logs/access.log main;

	sendfile on;
	#tcp_nopush on;

	#keepalive_timeout 0;
	keepalive_timeout 65;

	#gzip on;


	server {
	### server port and name ###
	listen 0.0.0.0:443;
	ssl on;
	server_name nixcraft.in;

	### SSL log files ###
	access_log logs/ssl-access.log;
	error_log logs/ssl-error.log;

	### SSL cert files ###
	ssl_certificate ../ssl/nginx.crt;
	ssl_certificate_key ../ssl/nginx.key;

	### Add SSL specific settings here ###


	ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers RC4:HIGH:!aNULL:!MD5;
	ssl_prefer_server_ciphers on;
	keepalive_timeout 60;
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 10m;

	### We want full access to SSL via backend ###
	location / {
	proxy_pass http://127.0.0.1:3000;

	### force timeouts if one of backend is died ##
	proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

	### Set headers ####
	proxy_set_header Accept-Encoding "";
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

	### Most PHP, Python, Rails, Java App can use this header ###
	#proxy_set_header X-Forwarded-Proto https;##
	#This is better##
	proxy_set_header X-Forwarded-Proto $scheme;
	add_header Front-End-Https on;


	### By default we don't want to redirect it ####
	proxy_redirect off;
	}
	}
	}