Skip to content

Instantly share code, notes, and snippets.

@jnovack

jnovack/nginx.conf

Created July 25, 2016 16:02
Show Gist options
  • Save jnovack/db382cc0e7cc1d9c331c0f0ca0872978 to your computer and use it in GitHub Desktop.
Save jnovack/db382cc0e7cc1d9c331c0f0ca0872978 to your computer and use it in GitHub Desktop.
Download ZIP
nginx Reverse SSL Proxy
Raw
nginx.conf
# /etc/nginx/nginx.conf
# ...
http {
# ...
include /etc/nginx/sites-enabled/*.conf
}
Raw
proxy.conf
# /etc/nginx/sites-enabled/proxy.conf
upstream load_balanced_backend {
ip_hash;
server 10.100.0.200:443; # real server 1
server 10.100.0.201:443; # real server 2
}
server {
listen 10.100.0.100:80; # THIS server
return 301 https://$host$request_uri;
}
server {
listen 10.100.0.100:443; # THIS server
server_name sub.domain.tld; # name on SSL certificate
ssl_certificate /etc/nginx/ssl/sub.domain.tld.crt; # path to SSL cert
ssl_certificate_key /etc/nginx/ssl/sub.domain.tld.key; # path to SSL key
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
error_log /var/log/nginx/sub.domain.tld.error; # path to error log
access_log /var/log/nginx/sub.domain.tld.access; # path to access log
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass https://load_balanced_backend;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment