
Nginx reverse proxy to a Cloudflare-protected URL

/etc/nginx/sites-enabled/example.com.conf

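# HTTPS virtual host for example.com: serves the static site from disk and
# forwards /api to an upstream that itself sits behind Cloudflare.
server {
    server_name example.com;
    # TLS is enabled per socket by the "ssl" listen parameter. The separate
    # "ssl on;" directive was redundant with it, is deprecated since
    # nginx 1.15.0 and rejected since 1.25.1, so it is not used here.
    listen [::]:443 ssl;
    listen 443 ssl;

    index index.html;
    root /var/www/example.com;

    location / {
        # Fall back to /index.html for any path that is not a file or
        # directory under root.
        try_files $uri$args $uri$args/ /index.html;
    }

    # NOTE(review): "location /api" is a prefix match, so it also matches
    # paths such as /api-foo; use "location /api/" if only the subtree is
    # meant to be proxied.
    location /api {
        # Reverse Proxy to Cloudflare-protected url

        proxy_pass https://api.example.com;

        # This vhost only accepts connections that present the Authenticated
        # Origin Pulls client certificate, so $remote_addr is normally a
        # Cloudflare edge address, not the visitor. Unless the realip module
        # (set_real_ip_from / real_ip_header CF-Connecting-IP) is configured
        # elsewhere, the upstream must not treat X-Real-IP as the end user.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $proxy_host;
        # Appends to whatever X-Forwarded-For the request already carried;
        # the upstream should trust only the entries added by known proxies.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # https://serverfault.com/a/969851
        # We need this one since our app is behind Cloudflare: it sends SNI
        # so the Cloudflare edge can select the certificate for the upstream
        # host name.
        proxy_ssl_server_name on;

        # nginx does not verify the upstream certificate by default, which
        # leaves the proxied hop encrypted but unauthenticated. Verify the
        # chain and host name (proxy_ssl_name defaults to $proxy_host).
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        # Debian/Ubuntu system CA bundle; adjust the path on other systems.
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
    }

    access_log /var/log/nginx/example.com_access.log;
    error_log /var/log/nginx/example.com_error.log;

    # Cloudflare's Origin Certificates
    # Only Cloudflare trusts these, so direct browser connections to the
    # origin will fail certificate validation.
    ssl_certificate /etc/ssl/certs/example.com.cert.pem;
    ssl_certificate_key /etc/ssl/private/example.com.key.pem;

    # Cloudflare's Authenticated Origin Pulls
    # Set at server level, so every request (static files and /api) must
    # present a client certificate issued by this CA.
    # NOTE(review): if this file is Cloudflare's shared AOP CA, it proves
    # only that the request came through Cloudflare, not through this zone;
    # a zone- or hostname-level certificate is needed for that. Confirm.
    ssl_client_certificate /etc/ssl/certs/example.com.AOP.crt;
    ssl_verify_client on;
}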

# Plain-HTTP listener for example.com: exists only to send clients to HTTPS.
server {
    listen [::]:80;
    listen 80;
    server_name example.com;

    # The redirect target is built from $host, so it is issued only when the
    # Host header is exactly the expected name. This keeps an arbitrary Host
    # value from being reflected into the Location header.
    if ($host = example.com) {
        # Redirect to HTTPS
        return 301 https://$host$request_uri;
    }

    # Any other Host that lands on this server block gets no content.
    return 404;
}