/etc/nginx/sites-enabled/example.com.conf
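# HTTPS virtual host for example.com: serves the static site from the document
# root and reverse-proxies /api to https://api.example.com.
server {
    server_name example.com;

    # TLS is enabled by the "ssl" parameter on each listen directive. The
    # separate "ssl on;" directive was dropped from this block: it has been
    # obsolete since nginx 1.15.0 and was removed in 1.25.1, where it stops
    # the configuration from loading.
    listen 443 ssl;
    listen [::]:443 ssl;

    root /var/www/example.com;
    index index.html;

    access_log /var/log/nginx/example.com_access.log;
    error_log /var/log/nginx/example.com_error.log;

    # Cloudflare's Origin Certificates
    ssl_certificate /etc/ssl/certs/example.com.cert.pem;
    ssl_certificate_key /etc/ssl/private/example.com.key.pem;

    # Cloudflare's Authenticated Origin Pulls: a client must present a
    # certificate that chains to this CA or the TLS handshake is rejected.
    # This only keeps non-Cloudflare clients out if every other server block
    # listening on 443 enforces it too.
    ssl_client_certificate /etc/ssl/certs/example.com.AOP.crt;
    ssl_verify_client on;

    location / {
        # Single-page-app fallback: serve the file or directory if it exists,
        # otherwise hand the request to /index.html.
        # Was "$uri$args $uri$args/": $args is the raw query string, so the
        # file lookup depended on unnormalised client input appended to the
        # path. The query string is still available to the app after fallback.
        try_files $uri $uri/ /index.html;
    }

    location /api {
        # Reverse Proxy to Cloudflare-protected url
        proxy_pass https://api.example.com;

        # $proxy_host is the host taken from proxy_pass (api.example.com).
        proxy_set_header Host $proxy_host;

        # NOTE(review): with Authenticated Origin Pulls enforced, the peer is
        # presumably a Cloudflare edge, so $remote_addr is the edge address
        # rather than the visitor's. If the API relies on these headers,
        # configure the realip module (set_real_ip_from / real_ip_header
        # CF-Connecting-IP) for Cloudflare's ranges. Confirm against the API.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # https://serverfault.com/a/969851
        # We need this one since our app is behind Cloudflare: it sends SNI on
        # the upstream TLS handshake.
        proxy_ssl_server_name on;

        # NOTE(review): proxy_ssl_verify defaults to off, so the upstream
        # certificate is not validated and the hop to api.example.com is
        # encrypted but not authenticated. To enable verification, point
        # nginx at a CA bundle (the path below is a placeholder):
        #   proxy_ssl_verify on;
        #   proxy_ssl_trusted_certificate <PATH_TO_CA_BUNDLE>;
    }
}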
# Plain-HTTP virtual host: its only job is to send example.com traffic to
# HTTPS. Any other Host value that reaches this block gets a 404.
server {
    listen [::]:80;
    listen 80;
    server_name example.com;

    # The guard pins the redirect target to the one expected hostname, so a
    # client-supplied Host header never ends up in the Location header.
    if ($host = example.com) {
        # Redirect to HTTPS
        return 301 https://example.com$request_uri;
    }

    # Reached only when the Host did not match the guard above.
    return 404;
}