nginx config for http/https proxy to localhost:3000
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| First, install nginx for mac with "brew install nginx". | |
| Then follow homebrew's instructions to know where the config file is. | |
| 1. To use https you will need a self-signed certificate: https://devcenter.heroku.com/articles/ssl-certificate-self | |
| 2. Copy it somewhere (use full path in the example below for server.* files) | |
| 3. sudo nginx -s reload | |
| 4. Access https://localhost/ | |
| Edit /usr/local/etc/nginx/nginx.conf: | |
| -------------------- | |
| #user nobody; | |
| worker_processes 1; | |
| events { | |
| worker_connections 1024; | |
| } | |
| http { | |
| include mime.types; | |
| default_type application/octet-stream; | |
| send_timeout 1800; | |
| sendfile on; | |
| keepalive_timeout 6500; | |
| server { | |
| listen 80; | |
| server_name localhost; | |
| location / { | |
| proxy_pass http://localhost:3000; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Client-Verify SUCCESS; | |
| proxy_set_header X-Client-DN $ssl_client_s_dn; | |
| proxy_set_header X-SSL-Subject $ssl_client_s_dn; | |
| proxy_set_header X-SSL-Issuer $ssl_client_i_dn; | |
| proxy_read_timeout 1800; | |
| proxy_connect_timeout 1800; | |
| } | |
| } | |
| # HTTPS server | |
| server { | |
| listen 443; | |
| server_name localhost; | |
| ssl on; | |
| ssl_certificate server.crt; | |
| ssl_certificate_key server.key; | |
| ssl_session_timeout 5m; | |
| ssl_protocols SSLv2 SSLv3 TLSv1; | |
| ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; | |
| ssl_prefer_server_ciphers on; | |
| location / { | |
| proxy_pass http://localhost:3000; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Client-Verify SUCCESS; | |
| proxy_set_header X-Client-DN $ssl_client_s_dn; | |
| proxy_set_header X-SSL-Subject $ssl_client_s_dn; | |
| proxy_set_header X-SSL-Issuer $ssl_client_i_dn; | |
| proxy_read_timeout 1800; | |
| proxy_connect_timeout 1800; | |
| } | |
| } | |
| } |
@kenyee but this is for the entire nginx.conf not just a site file
proxy_set_header X-Client-Verify SUCCESS;
proxy_set_header X-Client-DN $ssl_client_s_dn;
proxy_set_header X-SSL-Subject $ssl_client_s_dn;
proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
proxy_read_timeout 1800;
proxy_connect_timeout 1800;
What is the purpose of X-Client-DN header?
for websocket support, add
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
i dont have server inside http on my config , i only have it under mail
how can I sign a certificate?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
FYI, current nginx only wants the server{} sections in the site files...it doesn't understand http or events if you put them into a site file.