nginx config for http/https proxy to localhost:3000
First, install nginx for Mac with "brew install nginx".
Then follow Homebrew's instructions to find out where the config file is.
1. To use https you will need a self-signed certificate: https://devcenter.heroku.com/articles/ssl-certificate-self
2. Copy it somewhere (use the full path to the server.* files in the example below)
3. sudo nginx -s reload
4. Access https://localhost/
Edit /usr/local/etc/nginx/nginx.conf:
-------------------- | |
# The worker account is left at the build default; uncomment to set it explicitly.
#user nobody;

# One worker process, as configured for this local development proxy.
worker_processes 1;

events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections 1024;
}
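http {
    include       mime.types;
    default_type  application/octet-stream;

    # Very long timeouts (values are seconds), presumably so slow development
    # requests are not cut off. On a shared or public listener they let idle
    # connections pin worker slots for a long time.
    send_timeout       1800;
    sendfile           on;
    keepalive_timeout  6500;

    # Plain-HTTP server: forwards everything to the app on localhost:3000.
    server {
        # NOTE(review): "listen 80" binds every interface, not only loopback.
        # Combined with the hard-coded X-Client-Verify header below, any host
        # that can reach this port is presented to the app as verified.
        # Consider "listen 127.0.0.1:80;" if only local access is needed.
        listen       80;
        server_name  localhost;

        location / {
            proxy_pass http://localhost:3000;

            proxy_set_header Host            $host;
            proxy_set_header X-Real-IP       $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            # NOTE(review): SUCCESS is a constant, not the result of a check.
            # No client certificate is requested anywhere in this file, so the
            # upstream must not treat this header as proof of authentication
            # outside a local development setup. For real mutual TLS, configure
            # ssl_client_certificate and ssl_verify_client on the HTTPS server
            # and forward $ssl_client_verify instead.
            proxy_set_header X-Client-Verify SUCCESS;

            # The $ssl_client_* variables are empty on this non-TLS listener;
            # nginx does not pass a header whose value is an empty string.
            proxy_set_header X-Client-DN   $ssl_client_s_dn;
            proxy_set_header X-SSL-Subject $ssl_client_s_dn;
            proxy_set_header X-SSL-Issuer  $ssl_client_i_dn;

            proxy_read_timeout    1800;
            # The nginx documentation notes that the connect timeout usually
            # cannot exceed 75 seconds, so this value is likely capped.
            proxy_connect_timeout 1800;
        }
    }

    # HTTPS server
    server {
        # "listen ... ssl" replaces the deprecated "ssl on;" directive.
        # NOTE(review): binds every interface; see the note on the port 80 server.
        listen       443 ssl;
        server_name  localhost;

        # Relative paths are resolved against the nginx configuration
        # directory; use full paths if the files live elsewhere. The key file
        # should be readable only by the account that starts nginx.
        ssl_certificate      server.crt;
        ssl_certificate_key  server.key;

        ssl_session_timeout  5m;

        # SSLv2, SSLv3 and TLSv1 are broken or deprecated and are rejected by
        # current clients and OpenSSL builds. TLSv1.3 needs nginx 1.13.0+ built
        # against OpenSSL 1.1.1+; drop it on older builds.
        ssl_protocols  TLSv1.2 TLSv1.3;

        # The previous list admitted LOW, export-grade, SSLv2 and RC4 suites.
        # Restrict to strong suites and exclude unauthenticated and MD5 ones.
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            proxy_pass http://localhost:3000;

            proxy_set_header Host            $host;
            proxy_set_header X-Real-IP       $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            # NOTE(review): hard-coded. ssl_verify_client is not set, so no
            # client certificate is requested or checked on this listener.
            # Keep this for local development only; for real mutual TLS,
            # forward $ssl_client_verify so the upstream sees the actual result.
            proxy_set_header X-Client-Verify SUCCESS;

            # Subject and issuer DN of the client certificate. They stay empty,
            # and the headers are not sent, while no client certificate is
            # requested.
            proxy_set_header X-Client-DN   $ssl_client_s_dn;
            proxy_set_header X-SSL-Subject $ssl_client_s_dn;
            proxy_set_header X-SSL-Issuer  $ssl_client_i_dn;

            proxy_read_timeout    1800;
            # Likely capped at about 75 seconds; see the nginx documentation.
            proxy_connect_timeout 1800;
        }
    }
}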
@kenyee but this is for the entire nginx.conf not just a site file |
What is the purpose of X-Client-DN header? |
for websocket support, add
|
i dont have server inside http on my config , i only have it under mail |
how can I sign a certificate? |
FYI, current nginx only wants the server{} sections in the site files...it doesn't understand http or events if you put them into a site file.