nginx config for http/https proxy to localhost:3000
| First, install nginx for mac with "brew install nginx". | |
| Then follow homebrew's instructions to know where the config file is. | |
| 1. To use https you will need a self-signed certificate: https://devcenter.heroku.com/articles/ssl-certificate-self | |
| 2. Copy it somewhere (use full path in the example below for server.* files) | |
| 3. sudo nginx -s reload | |
| 4. Access https://localhost/ | |
| Edit /usr/local/etc/nginx/nginx.conf: | |
| -------------------- | |
| #user nobody; | |
| worker_processes 1; | |
| events { | |
| worker_connections 1024; | |
| } | |
| http { | |
| include mime.types; | |
| default_type application/octet-stream; | |
| send_timeout 1800; | |
| sendfile on; | |
| keepalive_timeout 6500; | |
| server { | |
| listen 80; | |
| server_name localhost; | |
| location / { | |
| proxy_pass http://localhost:3000; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Client-Verify SUCCESS; | |
| proxy_set_header X-Client-DN $ssl_client_s_dn; | |
| proxy_set_header X-SSL-Subject $ssl_client_s_dn; | |
| proxy_set_header X-SSL-Issuer $ssl_client_i_dn; | |
| proxy_read_timeout 1800; | |
| proxy_connect_timeout 1800; | |
| } | |
| } | |
| # HTTPS server | |
| server { | |
| listen 443; | |
| server_name localhost; | |
| ssl on; | |
| ssl_certificate server.crt; | |
| ssl_certificate_key server.key; | |
| ssl_session_timeout 5m; | |
| ssl_protocols SSLv2 SSLv3 TLSv1; | |
| ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; | |
| ssl_prefer_server_ciphers on; | |
| location / { | |
| proxy_pass http://localhost:3000; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Client-Verify SUCCESS; | |
| proxy_set_header X-Client-DN $ssl_client_s_dn; | |
| proxy_set_header X-SSL-Subject $ssl_client_s_dn; | |
| proxy_set_header X-SSL-Issuer $ssl_client_i_dn; | |
| proxy_read_timeout 1800; | |
| proxy_connect_timeout 1800; | |
| } | |
| } | |
| } |
This comment has been minimized.
This comment has been minimized.
adam-beck
commented
May 21, 2016
|
@kenyee but this is for the entire nginx.conf not just a site file |
This comment has been minimized.
This comment has been minimized.
desaiuditd
commented
Jul 25, 2016
|
This comment has been minimized.
This comment has been minimized.
vishnuprabhu-g
commented
Apr 12, 2017
|
What is the purpose of X-Client-DN header? |
This comment has been minimized.
This comment has been minimized.
markreid
commented
Feb 7, 2018
|
for websocket support, add |
This comment has been minimized.
This comment has been minimized.
benag
commented
Feb 26, 2019
|
i dont have server inside http on my config , i only have it under mail |
This comment has been minimized.
This comment has been minimized.
afsanefda
commented
Jul 11, 2020
|
how can I sign a certificate? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
kenyee commentedJun 29, 2015
FYI, current nginx only wants the server{} sections in the site files...it doesn't understand http or events if you put them into a site file.