ecelis/nginx_ssl_proxy.conf

## nginx_ssl_proxy.conf
server {
  listen 443 ssl;
  server_name _;

  ssl_certificate /path/to/cert.crt;
  ssl_certificate_key /path/to/cert.key;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:TLS:2m;

  location / {
    proxy_pass https://x.x.x.x;
    proxy_ssl_protocol SSLv3 SSLv2; # or any which needs to be proxied
    proxy_ssl_certificate /path/to/cert.crt;
    proxy_ssl_certificate_key /path/to/cert.key;
    #proxy_ssl_trusted_certificate /path/to/trustcert.crt;
    #proxy_ssl_password_file /path/to/secret.file;
    #proxy_ssl_verify off;
    proxy_buffering off;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}
	server {
	listen 443 ssl;
	server_name _;

	ssl_certificate /path/to/cert.crt;
	ssl_certificate_key /path/to/cert.key;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
	ssl_prefer_server_ciphers on;
	ssl_session_cache shared:TLS:2m;

	location / {
	proxy_pass https://x.x.x.x;
	proxy_ssl_protocol SSLv3 SSLv2; # or any which needs to be proxied
	proxy_ssl_certificate /path/to/cert.crt;
	proxy_ssl_certificate_key /path/to/cert.key;
	#proxy_ssl_trusted_certificate /path/to/trustcert.crt;
	#proxy_ssl_password_file /path/to/secret.file;
	#proxy_ssl_verify off;
	proxy_buffering off;
	proxy_set_header Host $http_host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	}
	}