Created
April 19, 2011 16:05
-
-
Save gvarela/928606 to your computer and use it in GitHub Desktop.
ssl proxy with nginx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 443 ssl; | |
server_name sg-wholesale.dev; | |
ssl on; | |
ssl_certificate ssl/sg-wholesale.dev.crt; | |
ssl_certificate_key ssl/sg-wholesale.dev.key; | |
keepalive_timeout 60; | |
ssl_session_timeout 5m; | |
ssl_protocols SSLv2 SSLv3 TLSv1; | |
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; | |
ssl_prefer_server_ciphers on; | |
location / { | |
proxy_pass http://127.0.0.1; | |
### force timeouts if one of backend is died ## | |
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; | |
### Set headers #### | |
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
### Most PHP, Python, Rails, Java App can use this header ### | |
proxy_set_header X-Forwarded-Proto https; | |
### By default we don't want to redirect it #### | |
proxy_redirect off; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Here's the text of the blog post that was at http://shiny-bits-of-code.tumblr.com/post/4749553253/ssl-proxy-with-nginx:
SSL proxy with Nginx
I was working on a small project for my wife’s business integrating an online ordering system with Quickbooks web connector. The web connector requires an ssl connection since I am using a VM to run quickbooks as I develop on OS X. Most of the development servers don’t run SSL for obvious reasons so I needed a light weight method to have an SSL connection.
I happened upon this article http://www.cyberciti.biz/faq/howto-linux-unix-setup-nginx-ssl-proxy/ which made the setup super easy with a self signed cert. Currently I am using pow.cx as my dev server which binds it’s DNS resolver to localhost. So, all I have to do in the nginx proxy is set the proxy_pass to http://127.0.0.1 and the server name to my pow host (http://my-app.dev).
If you are using homebrew for nginx note that the reload command does not exist you have to use ‘kill -HUP pid’.