Skip to content

Configure a static site

bash
server {
    listen 443 ssl;
    server_name your_domain.com;
 
    ssl_certificate /path/to/your_certificate.pem; # certificate file path
    ssl_certificate_key /path/to/your_private.key; # private key file path
 
    ssl_session_timeout 20m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

 
    location / {
        root /path/to/your/app;
        index index.html index.htm;
    }
}

Proxy a service port

bash
server {
    listen 443 ssl;
    server_name your_domain.com;
 
    ssl_certificate /path/to/your_certificate.pem; # certificate file path
    ssl_certificate_key /path/to/your_private.key; # private key file path
 
    ssl_session_timeout 20m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

 
     location / {
         proxy_pass http://127.0.0.1:8080;
         proxy_redirect off;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header Host $http_host;
         proxy_set_header X-NginX-Proxy true;
     }

}

HTTP site forcibly redirects to HTTPS site

bash
 server {
       listen 80;
       server_name your_domain.com;
       return 301 https://your_domain.com;
 }