Skip to content

Instantly share code, notes, and snippets.

@spamguy
Created January 6, 2017 15:09
Show Gist options
  • Save spamguy/4949fa48cfc613911a9d868585150d3f to your computer and use it in GitHub Desktop.
Save spamguy/4949fa48cfc613911a9d868585150d3f to your computer and use it in GitHub Desktop.
An HTTPS reverse proxy configuration for Diplicity.
server {
listen 3000 ssl;
listen [::]:3000;
error_log /usr/local/var/log/nginx/error.log;
access_log /usr/local/var/log/nginx/access.log;
# Google DNS, Open DNS, Dyn DNS
resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 216.146.35.35 216.146.36.36 valid=300s;
resolver_timeout 3s;
ssl on;
ssl_certificate /Users/woram/src/dipl.io/dev_certs/server/my-server.crt.pem;
ssl_certificate_key /Users/woram/src/dipl.io/dev_certs/server/my-server.key.pem;
ssl_trusted_certificate /Users/woram/src/dipl.io/dev_certs/server/my-root-ca.crt.pem;
ssl_stapling off;
ssl_stapling_verify off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ecdh_curve secp384r1;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305-SHA256:ECDHE-RSA-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
# HTTPS redirect
error_page 497 301 https://$host:3000$request_uri;
location / {
add_header Pragma "no-cache";
add_header Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0";
expires -1;
proxy_pass http://127.0.0.1:8080$request_uri;
proxy_redirect off;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment