ProxyNginxSSL


This is the configuration of NGINX on a Mac as a reverse proxy with SSL.

NGINX Configuration

Document root is at /usr/local/var/www

Configuration file is at /usr/local/etc/nginx/nginx.conf (linked to /etc/nginx/nginx.conf)

From the configuration directory, the config file can be edited on the Mac with:

open -e nginx.conf

The nginx process must reload the configuration after it is changed:

sudo nginx -s reload

The configuration file for NGINX, with HTTP requests redirected to HTTPS:

worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    # Expires map
    map $sent_http_content_type $expires {
        default                        off;
        ~text/html.*charset=utf-8      epoch;
        text/css                       max;
        application/javascript         max;
        image/svg\+xml                 max;
        ~image/                        max;
    }
    upstream upstream_server {
        server localhost:5000;
    }
    server {
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        server_name sierra.sapientier.com;
        ssl_certificate /etc/letsencrypt/live/sierra.sapientier.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/sierra.sapientier.com/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:!DH+AES:!RSA+AESGCM:!RSA+AES:!aNULL:!MD5:!DSS:!EXP;
        ssl_ecdh_curve secp384r1;
        ssl_session_cache shared:SSL:10m;
        ssl_session_tickets off;
        ssl_prefer_server_ciphers on;
        add_header Strict-Transport-Security max-age=63072000;
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;
        location /.well-known {
            root /usr/local/var/www;
        }

        location / {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_redirect off;
            proxy_pass http://upstream_server;
            gzip on;
            gzip_types ~text/html.*charset=utf-8 text/css application/javascript image/svg.* ~image/;
            etag on;
            expires $expires;
            break;
        }
    }
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name sierra.sapientier.com;
        location /.well-known {
            root /usr/local/var/www;
        }
        location / {
            return 301 https://$host$request_uri;
        }
    }
}
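Note
Compression for SVG images is not yet working. gzip_types takes literal MIME types (or *), not regular expressions, so the image/svg.* and ~image/ entries in the configuration above never match the image/svg+xml type registered for SVG.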
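
A hardened variant of the 443 server block above, as an added example that is not part of the original page. It drops TLS 1.0/1.1, sends the security headers on error responses too, tells the upstream which scheme the client used, and lists literal MIME types in gzip_types. The cipher list, TLSv1.3 and the X-Forwarded-Proto header are this example's choices (assumptions); the block relies on the upstream and map definitions from the page's http section.

```nginx
server {
    listen      443 ssl default_server;
    listen      [::]:443 ssl default_server;
    server_name sierra.sapientier.com;                                             # page

    ssl_certificate     /etc/letsencrypt/live/sierra.sapientier.com/fullchain.pem; # page
    ssl_certificate_key /etc/letsencrypt/live/sierra.sapientier.com/privkey.pem;   # page

    # page: ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996). TLSv1.3 needs nginx >= 1.13.0
    # built against OpenSSL >= 1.1.1; remove it on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Assumption: ECDHE key exchange with AEAD ciphers only. This list applies
    # to TLS 1.2; ssl_ciphers does not select the TLS 1.3 suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;        # page
    ssl_session_cache shared:SSL:10m;    # page
    ssl_session_tickets off;             # page

    # page: add_header without "always". nginx then attaches the header only to
    # 200, 201, 204, 206, 301, 302, 303, 304, 307 and 308 responses, so an
    # error page from the upstream goes out without HSTS or X-Frame-Options.
    add_header Strict-Transport-Security "max-age=63072000" always;
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff always;

    location /.well-known {
        root /usr/local/var/www;         # page
    }

    location / {
        proxy_set_header Host $http_host;                             # page
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  # page
        # Assumption: the upstream reads this header to learn that the
        # client connection was HTTPS (for redirects and Secure cookies).
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;
        proxy_pass http://upstream_server;

        gzip on;
        # Literal MIME types only; text/html is always compressed and
        # listing it again produces a duplicate-type warning.
        gzip_types text/css application/javascript image/svg+xml;
        etag on;
        expires $expires;
    }
}
```

Run sudo nginx -t before reloading so a syntax error is reported without affecting the running server.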

Version: 8   Revised: 2017-03-02 10:58:10 Last Updated by: 2001:470:1d:80b:4a5:f5bb:a770:3ab