Created
January 23, 2019 23:25
-
-
Save jc1518/35cb055bf779f1a70a5fc6e72637407a to your computer and use it in GitHub Desktop.
Nginx config example of reverse proxy for LDAP and HTTP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# http://nginx.org/en/docs/ | |
user nginx; | |
worker_processes auto; | |
error_log /var/log/nginx/error.log warn; | |
pid /var/log/nginx/nginx.pid; | |
events { | |
worker_connections 1024; | |
} | |
http { | |
log_format main '$remote_addr $http_iv_user $remote_user [$time_local] "$request" ' | |
'$status $body_bytes_sent "$http_referer" ' | |
'"$http_user_agent" "$http_x_forwarded_for"' | |
'$request_time $upstream_response_time $pipe'; | |
access_log /var/log/nginx/access.log main; | |
sendfile on; | |
tcp_nopush on; | |
tcp_nodelay on; | |
keepalive_timeout 65; | |
types_hash_max_size 2048; | |
include /etc/nginx/mime.types; | |
default_type application/octet-stream; | |
server { | |
# HTTPS terminates here | |
listen 443 ssl; | |
server_name site.mydomain.com; | |
keepalive_timeout 240; | |
proxy_read_timeout 720; | |
client_max_body_size 30M; | |
client_header_buffer_size 32k; | |
large_client_header_buffers 32 256k; | |
ssl_certificate /etc/nginx/site.mydomain.com.pem; | |
ssl_certificate_key /etc/nginx/site.mydomain.com.key; | |
location / { | |
proxy_pass http://localhost; | |
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
} | |
error_page 500 502 503 504 /50x.html; | |
location = /50x.html { | |
root /usr/share/nginx/html; | |
} | |
} | |
} | |
stream { | |
server { | |
# LDAPS terminates here | |
listen 636 ssl; | |
proxy_pass localhost:389; | |
ssl_certificate /etc/nginx/ldap.mydomain.com.pem; | |
ssl_certificate_key /etc/nginx/ldap.mydomain.com.key; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment