Nginx config example of reverse proxy for LDAP and HTTP

nginx.conf

# http://nginx.org/en/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/log/nginx/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr $http_iv_user $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"'
                      '$request_time $upstream_response_time $pipe';

    access_log  /var/log/nginx/access.log main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
  
    server {
        # HTTPS terminates here
        listen  443 ssl;
        server_name  site.mydomain.com;

        keepalive_timeout   240;
        proxy_read_timeout      720;
        client_max_body_size 30M;
        client_header_buffer_size 32k;
        large_client_header_buffers 32 256k;

        ssl_certificate         /etc/nginx/site.mydomain.com.pem;
        ssl_certificate_key     /etc/nginx/site.mydomain.com.key;

        location / {
                proxy_pass      http://localhost;
                proxy_set_header        Host            $host;
                proxy_set_header        X-Real-IP       $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header        X-Forwarded-Proto $scheme;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }
    }
}    
    
stream {
    server {
        # LDAPS terminates here
        listen 636 ssl;
        proxy_pass localhost:389;
        ssl_certificate         /etc/nginx/ldap.mydomain.com.pem;
        ssl_certificate_key     /etc/nginx/ldap.mydomain.com.key;
    }
}