@ewingson
Created August 7, 2020 16:30
_config_
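http {
    #...
    # Pool of TLS backends that the front-end server proxies to.
    upstream backend.example.com {
        server backend1.example.com:443;
        server backend2.example.com:443;
    }

    # Front end: accepts plain HTTP on port 80 and re-encrypts to the upstream.
    server {
        listen 80;
        server_name www.example.com;
        #...
        location /upstream {
            proxy_pass https://backend.example.com;
            # Client certificate and key that NGINX presents to the backends.
            proxy_ssl_certificate /etc/nginx/client.pem;
            proxy_ssl_certificate_key /etc/nginx/client.key;
            # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them if the
            # backends support TLSv1.2 or later.
            proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            proxy_ssl_ciphers HIGH:!aNULL:!MD5;
            # Verify the backend certificate against this CA bundle. The name
            # checked defaults to the proxy_pass host (see proxy_ssl_name).
            proxy_ssl_trusted_certificate /etc/nginx/trusted_ca_cert.crt;
            proxy_ssl_verify on;
            proxy_ssl_verify_depth 2;
            proxy_ssl_session_reuse on;
        }
    }

    # Backend 1: terminates TLS and requests a client certificate.
    server {
        listen 443 ssl;
        server_name backend1.example.com;
        ssl_certificate /etc/ssl/certs/server.crt;
        ssl_certificate_key /etc/ssl/certs/server.key;
        # CA used to verify client certificates.
        ssl_client_certificate /etc/ssl/certs/ca.crt;
        # "optional" requests a client certificate but still accepts requests
        # that present none; use "on" to require one.
        ssl_verify_client optional;
        location /yourapp {
            proxy_pass http://url_to_app.com;
            #...
        }
    }

    # Backend 2: same TLS settings as backend 1.
    server {
        listen 443 ssl;
        server_name backend2.example.com;
        ssl_certificate /etc/ssl/certs/server.crt;
        ssl_certificate_key /etc/ssl/certs/server.key;
        ssl_client_certificate /etc/ssl/certs/ca.crt;
        ssl_verify_client optional;
        location /yourapp {
            proxy_pass http://url_to_app.com;
            #...
        }
    }
}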