ssl on;
ssl_dhparam /etc/nginx/keys/dh4096.pem;
ssl_protocols TLSv1.2 TLSv1 SSLv3;
ssl_ciphers ALL:!aNULL:!eNULL:!ADH:!EXP:!DES:!MEDIUM:!LOW:kEDH+DHE:SHA256:RC4+RSA;
ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:10m;
ssl_certificate /etc/nginx/keys/ntmr.crt;
ssl_certificate_key /etc/nginx/keys/ntmr.key;
strip ssl and adjust server vars for cgi scripts
location / {
proxy_pass http://www;
proxy_set_header Accept-Encoding "";
proxy_set_header Host $host;
proxy_set_header scheme $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_redirect off;
}
global scope
map $http_x_forwarded_port $external_port {
default $http_x_forwarded_port;
'' $server_port;
}
cgi config
include fastcgi_params; fastcgi_param SERVER_PORT $external_port;