net-app-svcs/nginx.conf

daemon off;

worker_processes 1;

events { worker_connections 1024; }

http{

sendfile on;

    upstream appserver  {
          server localhost:80;
    }

    server {
        ### server port and name ###
        listen          443;
        ssl             on;
        server_name     nginx.ssl;

        ### SSL log files ###
        access_log      logs/ssl-access.log;
        error_log       logs/ssl-error.log;

        ### SSL cert files ###
        ssl_certificate      ssl/ssl.crt;
        ssl_certificate_key  ssl/ssl.key;

        ### Add SSL specific settings here ###


        ssl_protocols        SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers RC4:HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        keepalive_timeout    60;
        ssl_session_cache    shared:SSL:10m;
        ssl_session_timeout  10m;

        ### We want full access to SSL via backend ###
        location / {
                proxy_pass  http://appserver;

                ### force timeouts if one of backend is died ##
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

                ### Set headers ####
                proxy_set_header        Accept-Encoding   "";
                proxy_set_header        Host            $host;
                proxy_set_header        X-Real-IP       $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

                ### Most PHP, Python, Rails, Java App can use this header ###
                #proxy_set_header X-Forwarded-Proto https;##
                #This is better##
                proxy_set_header        X-Forwarded-Proto $scheme;
                add_header              Front-End-Https   on;


                ### By default we don't want to redirect it ####
                proxy_redirect     off;
        }
    }

    server {
        ### server port and name ###
        listen          4433;
        ssl             on;
        server_name     wafnginx.ssl;

        ### SSL log files ###
        access_log      logs/ssl-access.log;
        error_log       logs/ssl-error.log;

        ### SSL cert files ###
        ssl_certificate      ssl/ssl.crt;
        ssl_certificate_key  ssl/ssl.key;

        ### Add SSL specific settings here ###


        ssl_protocols        SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers RC4:HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        keepalive_timeout    60;
        ssl_session_cache    shared:SSL:10m;
        ssl_session_timeout  10m;

        ### We want full access to SSL via backend ###
        location / {
                ModSecurityEnabled on;
                ModSecurityConfig modsecurity.conf;
                proxy_pass  http://appserver;

                ### force timeouts if one of backend is died ##
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

                ### Set headers ####
                proxy_set_header        Accept-Encoding   "";
                proxy_set_header        Host            $host;
                proxy_set_header        X-Real-IP       $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

                ### Most PHP, Python, Rails, Java App can use this header ###
                #proxy_set_header X-Forwarded-Proto https;##
                #This is better##
                proxy_set_header        X-Forwarded-Proto $scheme;
                add_header              Front-End-Https   on;


                ### By default we don't want to redirect it ####
                proxy_redirect     off;
        }
    }
}