ssl on; ssl_dhparam /etc/nginx/keys/dh4096.pem; ssl_protocols TLSv1.2 TLSv1 SSLv3; ssl_ciphers ALL:!aNULL:!eNULL:!ADH:!EXP:!DES:!MEDIUM:!LOW:kEDH+DHE:SHA256:RC4+RSA; ssl_prefer_server_ciphers on; ssl_session_timeout 5m; ssl_session_cache shared:SSL:10m; ssl_certificate /etc/nginx/keys/ntmr.crt; ssl_certificate_key /etc/nginx/keys/ntmr.key;
strip ssl and adjust server vars for cgi scripts
location / { proxy_pass http://www; proxy_set_header Accept-Encoding ""; proxy_set_header Host $host; proxy_set_header scheme $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_redirect off; }
global scope
map $http_x_forwarded_port $external_port { default $http_x_forwarded_port; '' $server_port; }
cgi config
include fastcgi_params; fastcgi_param SERVER_PORT $external_port;