Created
July 25, 2016 16:02
-
-
Save jnovack/db382cc0e7cc1d9c331c0f0ca0872978 to your computer and use it in GitHub Desktop.
nginx Reverse SSL Proxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# /etc/nginx/nginx.conf | |
# ... | |
http { | |
# ... | |
include /etc/nginx/sites-enabled/*.conf | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# /etc/nginx/sites-enabled/proxy.conf | |
upstream load_balanced_backend { | |
ip_hash; | |
server 10.100.0.200:443; # real server 1 | |
server 10.100.0.201:443; # real server 2 | |
} | |
server { | |
listen 10.100.0.100:80; # THIS server | |
return 301 https://$host$request_uri; | |
} | |
server { | |
listen 10.100.0.100:443; # THIS server | |
server_name sub.domain.tld; # name on SSL certificate | |
ssl_certificate /etc/nginx/ssl/sub.domain.tld.crt; # path to SSL cert | |
ssl_certificate_key /etc/nginx/ssl/sub.domain.tld.key; # path to SSL key | |
ssl on; | |
ssl_session_cache builtin:1000 shared:SSL:10m; | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; | |
ssl_prefer_server_ciphers on; | |
error_log /var/log/nginx/sub.domain.tld.error; # path to error log | |
access_log /var/log/nginx/sub.domain.tld.access; # path to access log | |
location / { | |
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
# Fix the “It appears that your reverse proxy set up is broken" error. | |
proxy_pass https://load_balanced_backend; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment