NginX Reverse proxy

NginX config in folder /ect/nginx/conf.d

This section describes the basic configuration of a proxy server. You will learn how to pass a request from NGINX to proxied servers.

For every service i have a separate config. servicename.conf.

server { listen 80; return 301 https://$host$request_uri; } server { listen 443 ssl spdy; server_name; include ssl.conf; include proxy-control.conf; access_log /var/log/nginx/default.access.log; location / { # Fix the “It appears that your reverse proxy set up is broken" error. proxy_pass http://ip_to_webserver; proxy_redirect http://ip_to_webserver; } }

ssl.conf in /etc/nginx

ssl.conf contains all the SSL stuf for NginX ssl on; ssl_certificate /etc/ssl/certificate.crt; ssl_certificate_key /etc/ssl/certificate.key; # Due to a Diffie Helmann vulnerability. ssl_dhparam /etc/ssl/dhparams.pem; ssl_protocols TLSv1.2; ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 24h; ssl_stapling on; ssl_stapling_verify on; resolver valid=300s; resolver_timeout 5s; ssl_trusted_certificate /etc/ssl/certificate.crt; add_header Strict-Transport-Security max-age=63072000; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff;

Change the red text so that it matches your own config.

proxy-control.conf in /etc/nginx/

proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header HOST $http_HEADER; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $remote_addr; proxy_read_timeout 90; proxy_buffer_size 64k; proxy_buffers 16 32k; proxy_pass_header Set-Cookie; proxy_hide_header Vary; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k;