Created
August 7, 2020 16:30
-
-
Save ewingson/318278b488750d63be4a32df93858f21 to your computer and use it in GitHub Desktop.
_config_
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
http { | |
#... | |
upstream backend.example.com { | |
server backend1.example.com:443; | |
server backend2.example.com:443; | |
} | |
server { | |
listen 80; | |
server_name www.example.com; | |
#... | |
location /upstream { | |
proxy_pass https://backend.example.com; | |
proxy_ssl_certificate /etc/nginx/client.pem; | |
proxy_ssl_certificate_key /etc/nginx/client.key; | |
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
proxy_ssl_ciphers HIGH:!aNULL:!MD5; | |
proxy_ssl_trusted_certificate /etc/nginx/trusted_ca_cert.crt; | |
proxy_ssl_verify on; | |
proxy_ssl_verify_depth 2; | |
proxy_ssl_session_reuse on; | |
} | |
} | |
server { | |
listen 443 ssl; | |
server_name backend1.example.com; | |
ssl_certificate /etc/ssl/certs/server.crt; | |
ssl_certificate_key /etc/ssl/certs/server.key; | |
ssl_client_certificate /etc/ssl/certs/ca.crt; | |
ssl_verify_client optional; | |
location /yourapp { | |
proxy_pass http://url_to_app.com; | |
#... | |
} | |
server { | |
listen 443 ssl; | |
server_name backend2.example.com; | |
ssl_certificate /etc/ssl/certs/server.crt; | |
ssl_certificate_key /etc/ssl/certs/server.key; | |
ssl_client_certificate /etc/ssl/certs/ca.crt; | |
ssl_verify_client optional; | |
location /yourapp { | |
proxy_pass http://url_to_app.com; | |
#... | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment