Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
nginx config for http/https proxy to localhost:3000
First, install nginx for mac with "brew install nginx".
Then follow homebrew's instructions to know where the config file is.
1. To use https you will need a self-signed certificate: https://devcenter.heroku.com/articles/ssl-certificate-self
2. Copy it somewhere (use full path in the example below for server.* files)
3. sudo nginx -s reload
4. Access https://localhost/
Edit /usr/local/etc/nginx/nginx.conf:
--------------------
#user nobody;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
send_timeout 1800;
sendfile on;
keepalive_timeout 6500;
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Verify SUCCESS;
proxy_set_header X-Client-DN $ssl_client_s_dn;
proxy_set_header X-SSL-Subject $ssl_client_s_dn;
proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
proxy_read_timeout 1800;
proxy_connect_timeout 1800;
}
}
# HTTPS server
server {
listen 443;
server_name localhost;
ssl on;
ssl_certificate server.crt;
ssl_certificate_key server.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Verify SUCCESS;
proxy_set_header X-Client-DN $ssl_client_s_dn;
proxy_set_header X-SSL-Subject $ssl_client_s_dn;
proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
proxy_read_timeout 1800;
proxy_connect_timeout 1800;
}
}
}
@kenyee

This comment has been minimized.

Copy link

kenyee commented Jun 29, 2015

FYI, current nginx only wants the server{} sections in the site files...it doesn't understand http or events if you put them into a site file.

@adam-beck

This comment has been minimized.

Copy link

adam-beck commented May 21, 2016

@kenyee but this is for the entire nginx.conf not just a site file

@desaiuditd

This comment has been minimized.

Copy link

desaiuditd commented Jul 25, 2016

👍 for

proxy_set_header    X-Client-Verify  SUCCESS;
proxy_set_header    X-Client-DN      $ssl_client_s_dn;
proxy_set_header    X-SSL-Subject    $ssl_client_s_dn;
proxy_set_header    X-SSL-Issuer     $ssl_client_i_dn;
proxy_read_timeout 1800;
proxy_connect_timeout 1800;
@vishnuprabhu-g

This comment has been minimized.

Copy link

vishnuprabhu-g commented Apr 12, 2017

What is the purpose of X-Client-DN header?

@markreid

This comment has been minimized.

Copy link

markreid commented Feb 7, 2018

for websocket support, add

proxy_set_header    Upgrade          $http_upgrade;
proxy_set_header    Connection       "upgrade";
proxy_http_version  1.1;

see https://nginx.org/en/docs/http/websocket.html

@benag

This comment has been minimized.

Copy link

benag commented Feb 26, 2019

i dont have server inside http on my config , i only have it under mail

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.