This is the current config:
nginx.conf:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
tcp_nopush on;
tcp_nodelay on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
include /etc/nginx/conf.d/*.conf;
}
default.conf:
server {
listen 80;
rewrite ^ https://$host$request_uri permanent;
}
ssl.conf:
server {
listen 443;
server_name localhost;
access_log /var/log/nginx/ssl-access.log;
error_log /var/log/nginx/ssl-error.log;
ssl on;
ssl_certificate /etc/nginx/cert/cert.crt;
ssl_certificate_key /etc/nginx/cert/cert.key;
ssl_session_timeout 10m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}
host101.conf:
server {
listen 443;
server_name hostname101;
access_log /var/log/nginx/host101.access;
error_log /var/log/nginx/host101.error;
ssl on;
ssl_certificate /etc/nginx/cert/cert.crt;
ssl_certificate_key /etc/nginx/cert/cert.key;
ssl_client_certificate /etc/nginx/cert/comodo.crt;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://10.0.0.101:80;
proxy_redirect http://10.0.0.101:80 /;
proxy_ssl_session_reuse on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
}
}
Thanks again
nginx.conf:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
tcp_nopush on;
tcp_nodelay on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
include /etc/nginx/conf.d/*.conf;
}
default.conf:
server {
listen 80;
rewrite ^ https://$host$request_uri permanent;
}
ssl.conf:
server {
listen 443;
server_name localhost;
access_log /var/log/nginx/ssl-access.log;
error_log /var/log/nginx/ssl-error.log;
ssl on;
ssl_certificate /etc/nginx/cert/cert.crt;
ssl_certificate_key /etc/nginx/cert/cert.key;
ssl_session_timeout 10m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}
host101.conf:
server {
listen 443;
server_name hostname101;
access_log /var/log/nginx/host101.access;
error_log /var/log/nginx/host101.error;
ssl on;
ssl_certificate /etc/nginx/cert/cert.crt;
ssl_certificate_key /etc/nginx/cert/cert.key;
ssl_client_certificate /etc/nginx/cert/comodo.crt;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://10.0.0.101:80;
proxy_redirect http://10.0.0.101:80 /;
proxy_ssl_session_reuse on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
}
}
Thanks again