Skip to content

Instantly share code, notes, and snippets.

@aespinosa

aespinosa/nginx.conf

Created September 18, 2019 18:47
Show Gist options
  • Save aespinosa/9c262c7aff39a4e8d31896004c32750e to your computer and use it in GitHub Desktop.
Save aespinosa/9c262c7aff39a4e8d31896004c32750e to your computer and use it in GitHub Desktop.
Download ZIP
Raw
nginx.conf
# Bind to port 80 and convince users to upgrade to TLS (forcefully)
server {
listen 80;
server_name genius.dev.hadoop.bloomberg.com;
rewrite ^ https://genius.dev.hadoop.bloomberg.com$request_uri? permanent;
}
# The actual TLS port binding
server {
listen 443 ssl http2;
server_name genius.dev.hadoop.bloomberg.com;
ssl_certificate /etc/nginx/ssl/genius.dev.hadoop.bloomberg.com.crt;
ssl_certificate_key /etc/nginx/ssl/genius.dev.hadoop.bloomberg.com.key;
add_header Strict-Transport-Security "max-age=86400";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
# Everything goes to the Java app
location / {
proxy_set_header X-Real-IP $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_http_version 1.1;
proxy_pass http://127.0.0.1:8080;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment