Nginx ssl
From wikinotes
Documentation
ssl module: https://nginx.org/en/docs/http/ngx_http_ssl_module.html
ssl intro: http://nginx.org/en/docs/http/configuring_https_servers.html
Example
server {
    listen 443 ssl;
    ssl_certificate     /etc/ssl/${DOMAIN_NAME}.pem;  # or .crt
    ssl_certificate_key /etc/ssl/${DOMAIN_NAME}.key;  # private key
    # ssl_trusted_certificate /etc/ssl/${CA}.pem;     # not reqd
    # ...
}
Common Tasks
Redirect HTTP to HTTPS on same port
server {
    listen 443 ssl http2;
    error_page 497 301 =307 https://$host:$server_port$request_uri;  # <-- (this)
    # ...
}
Redirect HTTPS to HTTP
http {
    server {
        listen 443 ssl http2;
        # ssl_certificate / ssl_certificate_key as in the example above
        location / {  # proxy_pass is only valid inside a location block
            proxy_pass http://localhost:8080;
            # send the Referer header only if origin and request-origin match
            add_header Referrer-Policy same-origin;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header Host example.com:443;
            proxy_set_header X-Real-Ip $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
If you are using a webapp that is aware of the host, you may need to specify the protocol.
# mediawiki (LocalSettings.php)
$wgServer = "//example.com:8080";  # use whichever proto was used, or indicated by headers

# baikal
# no configuration required, just header
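
Added example (not from the original page, nor from mediawiki or baikal): a Python WSGI middleware showing how a backend behind the proxy config above can consume X-Forwarded-Proto, X-Real-Ip and X-Forwarded-For, honouring them only when the TCP peer is the proxy itself so a direct client cannot spoof them. The names ForwardedHeaders, from_trusted_proxy and TRUSTED_PROXIES are hypothetical, and the loopback trust list assumes nginx reaches the backend via localhost as in the proxy_pass line.

```python
# Added example: consume the headers set by the nginx proxy block above.
import ipaddress

# Assumption: nginx reaches the backend over loopback (proxy_pass http://localhost:8080).
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]
FORWARDED_KEYS = ("HTTP_X_FORWARDED_PROTO", "HTTP_X_FORWARDED_FOR", "HTTP_X_REAL_IP")


def from_trusted_proxy(peer):
    """True when the TCP peer address belongs to one of our own reverse proxies."""
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_PROXIES)


class ForwardedHeaders:
    """Apply X-Forwarded-Proto / X-Real-Ip only when the proxy set them."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        # Always remove the raw headers so the app cannot trust them by accident.
        fwd = {k: environ.pop(k, None) for k in FORWARDED_KEYS}
        if from_trusted_proxy(environ.get("REMOTE_ADDR", "")):
            proto = (fwd["HTTP_X_FORWARDED_PROTO"] or "").strip().lower()
            if proto in ("http", "https"):
                environ["wsgi.url_scheme"] = proto
            # nginx overwrites X-Real-Ip with $remote_addr, so it is reliable here.
            # $proxy_add_x_forwarded_for appends to whatever the client sent, so
            # only the last X-Forwarded-For entry was written by nginx.
            xff = [p.strip() for p in (fwd["HTTP_X_FORWARDED_FOR"] or "").split(",")]
            client = fwd["HTTP_X_REAL_IP"] or xff[-1]
            try:
                environ["REMOTE_ADDR"] = str(ipaddress.ip_address(client.strip()))
            except ValueError:
                pass  # keep the proxy address rather than an unparsable value
        return self.app(environ, start_response)
```

Wrap the application with `ForwardedHeaders(app)`; requests that bypass nginx keep their real peer address and the `http` scheme.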
w3c referrer policy docs: https://w3c.github.io/webappsec-referrer-policy/
referrer policy intro: https://www.perpetual-beta.org/weblog/the-curious-case-of-tls-and-the-missing-referrers.html