Configure a static site
bash
server {
listen 443 ssl;
server_name your_domain.com;
ssl_certificate /path/to/your_certificate.pem; # certificate file path
ssl_certificate_key /path/to/your_private.key; # private key file path
ssl_session_timeout 20m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
root /path/to/your/app;
index index.html index.htm;
}
}
Proxy a service port
bash
server {
listen 443 ssl;
server_name your_domain.com;
ssl_certificate /path/to/your_certificate.pem; # certificate file path
ssl_certificate_key /path/to/your_private.key; # private key file path
ssl_session_timeout 20m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}
}
HTTP site forcibly redirects to HTTPS site
bash
server {
listen 80;
server_name your_domain.com;
return 301 https://your_domain.com;
}