toastedpenguin/nginx redirect

## nginx redirect
worker_processes  2;

events {
    worker_connections  1024;
}

error_log       /var/log/nginx/debug debug;

http {
    include mime.types;
    default_type application/octet-stream;
    root /var/www/html;
    ignore_invalid_headers on;
    client_header_timeout 240;
    client_body_timeout 240;
    send_timeout 240;
    client_max_body_size 100m;

    # Basic Proxy Settings
    proxy_buffer_size 128k;
    proxy_buffers 8 128k;
    proxy_cache_path  /var/cache/nginx/ levels=1:2 keys_zone=tchis:250m max_size=1000m inactive=1d;
    proxy_temp_path   /var/cache/nginx/proxy_temp;

    # Enable GZIP
    gzip        on;
    gzip_http_version   1.1;
    gzip_min_length     1000;
    gzip_buffers        16 8k;
    gzip_disable        "MSIE [1-6] \.";
    gzip_types          text/css text/xml application/x-javascript application/atom+xml text/plain;
    gzip_vary           on;
    gzip_proxied        any;

    upstream tomcat_server {
        # Tomcat is listening on default 8081 port
        server 10.51.10.60:8081 fail_timeout=0;
    }

    server {
        listen 10.51.10.110:80;
        server_name example.com;
        return 301 https://example.com$uri ;
}

    server {
        server_name example.com;
        listen 10.51.10.110:443 ssl;

        ssl_certificate /etc/ssl/certs/entrust/wc_example.com/wc_example.com_chain.crt;
        ssl_certificate_key /etc/ssl/certs/entrust/wc_example.com/wc_example.com.key;
        server_tokens off;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_session_timeout 10m;
        ssl_session_cache shared:SSL:10m;
        #ssl_session_cache builtin:1000 shared:SSL:10m;
        ssl_stapling on;
        resolver 10.51.2.252;

        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:!MD5:!aNULL;

        keepalive_timeout 5;
        add_header Strict-Transport-Security max-age=2592000;

        rewrite_log on;

        location / {
            ModSecurityEnabled on;
            ModSecurityConfig   modsecurity.conf;
            proxy_pass http://tomcat_server;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_connect_timeout      240;
            proxy_send_timeout         240;
            proxy_read_timeout         240;
            proxy_cache         tchis;
            proxy_cache_valid  200 302  60m;
            proxy_cache_valid  404      1m;
        }
     }
}
	worker_processes 2;

	events {
	worker_connections 1024;
	}

	error_log /var/log/nginx/debug debug;

	http {
	include mime.types;
	default_type application/octet-stream;
	root /var/www/html;
	ignore_invalid_headers on;
	client_header_timeout 240;
	client_body_timeout 240;
	send_timeout 240;
	client_max_body_size 100m;

	# Basic Proxy Settings
	proxy_buffer_size 128k;
	proxy_buffers 8 128k;
	proxy_cache_path /var/cache/nginx/ levels=1:2 keys_zone=tchis:250m max_size=1000m inactive=1d;
	proxy_temp_path /var/cache/nginx/proxy_temp;

	# Enable GZIP
	gzip on;
	gzip_http_version 1.1;
	gzip_min_length 1000;
	gzip_buffers 16 8k;
	gzip_disable "MSIE [1-6] \.";
	gzip_types text/css text/xml application/x-javascript application/atom+xml text/plain;
	gzip_vary on;
	gzip_proxied any;

	upstream tomcat_server {
	# Tomcat is listening on default 8081 port
	server 10.51.10.60:8081 fail_timeout=0;
	}

	server {
	listen 10.51.10.110:80;
	server_name example.com;
	return 301 https://example.com$uri ;
	}

	server {
	server_name example.com;
	listen 10.51.10.110:443 ssl;

	ssl_certificate /etc/ssl/certs/entrust/wc_example.com/wc_example.com_chain.crt;
	ssl_certificate_key /etc/ssl/certs/entrust/wc_example.com/wc_example.com.key;
	server_tokens off;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_session_timeout 10m;
	ssl_session_cache shared:SSL:10m;
	#ssl_session_cache builtin:1000 shared:SSL:10m;
	ssl_stapling on;
	resolver 10.51.2.252;

	ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:!MD5:!aNULL;

	keepalive_timeout 5;
	add_header Strict-Transport-Security max-age=2592000;

	rewrite_log on;

	location / {
	ModSecurityEnabled on;
	ModSecurityConfig modsecurity.conf;
	proxy_pass http://tomcat_server;
	proxy_set_header X-Forwarded-Host $host;
	proxy_set_header X-Forwarded-Server $host;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_http_version 1.1;
	proxy_set_header Connection "";
	proxy_connect_timeout 240;
	proxy_send_timeout 240;
	proxy_read_timeout 240;
	proxy_cache tchis;
	proxy_cache_valid 200 302 60m;
	proxy_cache_valid 404 1m;
	}
	}
	}