Nginx config example of reverse proxy for LDAP and HTTP

## nginx.conf
# http://nginx.org/en/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/log/nginx/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr $http_iv_user $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"'
                      '$request_time $upstream_response_time $pipe';

    access_log  /var/log/nginx/access.log main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    server {
        # HTTPS terminates here
        listen  443 ssl;
        server_name  site.mydomain.com;

        keepalive_timeout   240;
        proxy_read_timeout      720;
        client_max_body_size 30M;
        client_header_buffer_size 32k;
        large_client_header_buffers 32 256k;

        ssl_certificate         /etc/nginx/site.mydomain.com.pem;
        ssl_certificate_key     /etc/nginx/site.mydomain.com.key;

        location / {
                proxy_pass      http://localhost;
                proxy_set_header        Host            $host;
                proxy_set_header        X-Real-IP       $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header        X-Forwarded-Proto $scheme;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }
    }
}

stream {
    server {
        # LDAPS terminates here
        listen 636 ssl;
        proxy_pass localhost:389;
        ssl_certificate         /etc/nginx/ldap.mydomain.com.pem;
        ssl_certificate_key     /etc/nginx/ldap.mydomain.com.key;
    }
}
	# http://nginx.org/en/docs/

	user nginx;
	worker_processes auto;
	error_log /var/log/nginx/error.log warn;
	pid /var/log/nginx/nginx.pid;

	events {
	worker_connections 1024;
	}

	http {
	log_format main '$remote_addr $http_iv_user $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"'
	'$request_time $upstream_response_time $pipe';

	access_log /var/log/nginx/access.log main;

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	server {
	# HTTPS terminates here
	listen 443 ssl;
	server_name site.mydomain.com;

	keepalive_timeout 240;
	proxy_read_timeout 720;
	client_max_body_size 30M;
	client_header_buffer_size 32k;
	large_client_header_buffers 32 256k;

	ssl_certificate /etc/nginx/site.mydomain.com.pem;
	ssl_certificate_key /etc/nginx/site.mydomain.com.key;

	location / {
	proxy_pass http://localhost;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	}

	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
	root /usr/share/nginx/html;
	}
	}
	}

	stream {
	server {
	# LDAPS terminates here
	listen 636 ssl;
	proxy_pass localhost:389;
	ssl_certificate /etc/nginx/ldap.mydomain.com.pem;
	ssl_certificate_key /etc/nginx/ldap.mydomain.com.key;
	}
	}