
NGINX

SSL

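      # TLS termination settings for this server.
      # NOTE(review): "ssl on;" is deprecated in newer nginx releases in favour of the
      # "ssl" parameter on the listen directive (e.g. "listen 443 ssl;"). It is kept
      # here because the listen line is not part of this snippet.
      ssl on;
      # Custom Diffie-Hellman group for the DHE-* suites below (the file name
      # suggests a 4096-bit group; confirm when regenerating it).
      ssl_dhparam /etc/nginx/keys/dh4096.pem;
      # SSLv3 (POODLE) and TLSv1 are no longer offered. Add TLSv1.3 here once the
      # installed nginx and OpenSSL builds support it.
      ssl_protocols TLSv1.2;
      # Explicit allow-list of forward-secret AEAD suites. The previous
      # "ALL minus exclusions" string also named RC4+RSA and left static-RSA and
      # CBC suites enabled, depending on the OpenSSL build.
      ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
      # Let the server's order above decide, not the client's.
      ssl_prefer_server_ciphers   on;
      # Session resumption: 5 minute lifetime, 10 MB cache shared by all workers.
      ssl_session_timeout  5m;
      ssl_session_cache    shared:SSL:10m;
      # Certificate and private key. The key file should be readable only by the
      # account that starts nginx.
      ssl_certificate  /etc/nginx/keys/ntmr.crt;
      ssl_certificate_key /etc/nginx/keys/ntmr.key;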
  

Proxy

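Terminate SSL at the proxy and forward the original scheme, port and client address to the backend, so that CGI scripts there see the correct server variables.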

  
# Forward every request to "www" (an upstream group or host name defined
# elsewhere) over plain HTTP, after TLS has been terminated on this server.
location / {
    proxy_pass http://www;

    # Do not rewrite Location/Refresh headers returned by the backend.
    proxy_redirect off;

    # Retry on the next upstream server on connection errors, timeouts,
    # malformed responses and 500/502/503/504 replies.
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

    # An empty value means the header is not passed on, so the backend sends
    # uncompressed responses.
    proxy_set_header Accept-Encoding "";

    # Original request details for the backend. These are set from nginx's own
    # variables and replace any client-supplied headers of the same name.
    proxy_set_header Host $host;
    proxy_set_header scheme $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Port $server_port;
    # $proxy_add_x_forwarded_for appends $remote_addr to whatever
    # X-Forwarded-For the client sent. Only the last entry is added by this
    # proxy, so the backend must not trust earlier entries for access decisions.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
  
  

ww1

global scope (http context)

# $external_port is the port the client originally connected to. It is the
# X-Forwarded-Port request header when present, and otherwise the local
# $server_port.
# NOTE(review): X-Forwarded-Port is a request header. It is only trustworthy
# if this host accepts connections solely from the front proxy that sets it.
# Otherwise a client can choose the SERVER_PORT value the CGI scripts see.
map $http_x_forwarded_port $external_port {
    ""      $server_port;
    default $http_x_forwarded_port;
}
  

cgi config

# Load the stock FastCGI parameter set first.
include fastcgi_params;
# Then report SERVER_PORT to the CGI scripts as $external_port instead of the
# local listening port.
# NOTE(review): if fastcgi_params also sets SERVER_PORT, confirm which value
# the FastCGI backend ends up using.
fastcgi_param  SERVER_PORT          $external_port;