oxo42/Nginx-Proxy.conf

## Nginx-Proxy.conf
server {
  listen *:80;
  server_name           splunk-web.example.com;

  if ($ssl_protocol = "") {
    return 301 https://$host$request_uri;
  }
  index  index.html index.htm index.php;

  access_log            /var/log/nginx/splunk-web.example.com.access.log combined;
  error_log             /var/log/nginx/splunk-web.example.com.error.log;
}

server {
  listen       *:443 ssl http2;
  server_name  splunk-web.example.com;

  ssl on;

  ssl_certificate           /etc/nginx/ssl/example.pub.pem;
  ssl_certificate_key       /etc/nginx/ssl/example.key.pem;
  ssl_session_cache         shared:SSL:10m;
  ssl_session_timeout       5m;
  ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers               ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
  ssl_prefer_server_ciphers on;

  index  index.html index.htm index.php;

  access_log            /var/log/nginx/ssl-splunk-web.example.com.access.log combined;
  error_log             /var/log/nginx/ssl-splunk-web.example.com.error.log;


  location / {
    # This is the location of the Splunk search head
    proxy_pass            https://192.168.0.1:8000/;
    proxy_read_timeout    90;
    proxy_connect_timeout 90;
    proxy_redirect        off;

    proxy_set_header      Host $host;
    proxy_set_header      X-Real-IP $remote_addr;
    proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
  }

  location /fogbugz-GUID {
    proxy_pass            https://localhost:8088/services/collector;
    proxy_read_timeout    90;
    proxy_connect_timeout 90;
    proxy_redirect        off;
    proxy_set_body        "{\"event\":$request_body}";

    proxy_set_header      Host $host;
    proxy_set_header      X-Real-IP $remote_addr;
    proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header      Authorization "Splunk HTTP-EC-TOKEN";
  }
}
	server {
	listen *:80;
	server_name splunk-web.example.com;

	if ($ssl_protocol = "") {
	return 301 https://$host$request_uri;
	}
	index index.html index.htm index.php;

	access_log /var/log/nginx/splunk-web.example.com.access.log combined;
	error_log /var/log/nginx/splunk-web.example.com.error.log;
	}

	server {
	listen *:443 ssl http2;
	server_name splunk-web.example.com;

	ssl on;

	ssl_certificate /etc/nginx/ssl/example.pub.pem;
	ssl_certificate_key /etc/nginx/ssl/example.key.pem;
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 5m;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
	ssl_prefer_server_ciphers on;

	index index.html index.htm index.php;

	access_log /var/log/nginx/ssl-splunk-web.example.com.access.log combined;
	error_log /var/log/nginx/ssl-splunk-web.example.com.error.log;


	location / {
	# This is the location of the Splunk search head
	proxy_pass https://192.168.0.1:8000/;
	proxy_read_timeout 90;
	proxy_connect_timeout 90;
	proxy_redirect off;

	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}

	location /fogbugz-GUID {
	proxy_pass https://localhost:8088/services/collector;
	proxy_read_timeout 90;
	proxy_connect_timeout 90;
	proxy_redirect off;
	proxy_set_body "{\"event\":$request_body}";

	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Authorization "Splunk HTTP-EC-TOKEN";
	}
	}