nginx reverse proxy configuration with SSL offload and basic auth

sites-enabled-default

#/etc/nginx/sites-enabled/default

ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/private.key;

ssl_session_timeout 5m;

ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;

# the default site on port 80 (http)
server {
        # Make site accessible from http://localhost/
        server_name *.mydomain.com;

        rewrite        ^ https://$http_host$request_uri? permanent;
}

# HTTPS server for app1
#
server {
        listen 443 ssl;
        server_name app1.mydomain.com;
        ssl on;

        location / {
                proxy_pass http://localhost:3000;
                proxy_set_header Host      $host;
                proxy_set_header X-Real-IP $remote_addr;
        }
}

# app2 - with http basic auth
server {
        listen 443 ssl;
        server_name app2.mydomain.com;

        ssl on;

        location / {
                proxy_pass http://10.0.0.16:9200;
                proxy_set_header Host      $host;
                proxy_set_header X-Real-IP $remote_addr;
        }
         # Authorize access
        auth_basic "Protected app";
        auth_basic_user_file /etc/nginx/passworddb;
}

# app3
server {
        listen 443 ssl;
        server_name dashboard.mydomain.com;

        ssl on;

        location / {
                proxy_pass http://localhost:9201;
                proxy_set_header Host      $http_host;
                proxy_set_header X-Forwarded-Host      $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-Proto $scheme;
        }
}