Break out a new server{} config for port 444>

This also restores docker proxy stuff with recursive enabled
This commit is contained in:
Jimmy Zelinskie 2015-01-21 15:59:29 -05:00
parent b7d6d42317
commit 0f8aad9ef1
2 changed files with 22 additions and 8 deletions

View file

@ -13,6 +13,19 @@ http {
include server-base.conf;
listen 443 default proxy_protocol;
ssl on;
ssl_certificate ./stack/ssl.cert;
ssl_certificate_key ./stack/ssl.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
}
server {
include server-base.conf
listen 444 default;
ssl on;

View file

@ -3,8 +3,9 @@
client_body_temp_path /var/log/nginx/client_body 1 2;
server_name _;
#set_real_ip_from 172.17.0.0/16;
#real_ip_header X-Forwarded-For;
set_real_ip_from 172.17.0.0/16;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
keepalive_timeout 5;
@ -12,12 +13,12 @@ if ($args ~ "_escaped_fragment_") {
rewrite ^ /snapshot$uri;
}
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto $scheme;
#proxy_set_header Host $http_host;
#proxy_redirect off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
#proxy_set_header Transfer-Encoding $http_transfer_encoding;
proxy_set_header Transfer-Encoding $http_transfer_encoding;
location / {
proxy_pass http://web_app_server;