Here's an example config that I use:
server {
server_name domain.tld www.domain.tld;
add_header Strict-Transport-Security "max-age=31536000; preload";
keepalive_timeout 70;
#LOGS CONFIG
access_log /usr/local/nginx/logs/domain.tld/domain.tld_access.log;
error_log /usr/local/nginx/logs/domain.tld/domain.tld_error.log
warn;
#SSL CONFIG
ssl_certificate /etc/nginx/ssl/domain.tld.pem;
ssl_certificate_key /etc/nginx/ssl/domain.tld.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_dhparam /usr/local/nginx/ssl/dhparam.pem;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
proxy_max_temp_file_size 5120m;
client_max_body_size 5120m;
#set_real_ip_from 192.168.xx.xx/24;
#real_ip_header X-Forwarded-For;
#real_ip_recursive on;
#LISTEN CONFIG
include /usr/local/nginx/conf/listen/domain.tld/*.conf;
#MODSECURITY CONFIG
modsecurity on;
modsecurity_rules_file
/usr/local/nginx/conf/domain.tld_modsecurity.conf;
location / {
#Set Real IP Headers
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header Host $host;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://webserver02.domain.tld:443;
}
}
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,286492,286494#msg-286494
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
