NGINX proxy http

Basic and simple way to use NGINX as proxy to Tomcat/JBoss or Splunk with SSL.

##################

## JBoss/Tomcat ##

##################

upstream web1 {

  server 10.10.10.24:9090;

}

server {

  server_name webserver1.example.com www.example.com;

  listen 80;

  gzip on;

  access_log /var/log/nginx/ezweb-access.log;

  error_log /var/log/nginx/ezweb-error.log;

location /

{

  proxy_pass        http://web1/;

  proxy_set_header  X-Real-IP  $remote_addr;

  proxy_set_header Host $http_host;

  proxy_set_header X-forwarded-for $proxy_add_x_forwarded_for;

  }

}

#-------------------------------

#########################

## Splunk /HTTP Server ##

#########################

# NON-SSL

upstream server1 {

  server 127.0.0.1:8000;

}

server {

  server_name splunk1.example.com;

  listen 80;

#  autoindex off;

#  index index.html index.htm index.php;

  gzip on;

  access_log /var/log/nginx/splunk-access.log;

  error_log /var/log/nginx/splunk-error.log;

location / {

  port_in_redirect off;

  proxy_pass        http://server1;

  proxy_set_header  X-Real-IP  $remote_addr;

  proxy_set_header Host $http_host;

  proxy_set_header X-forwarded-for $proxy_add_x_forwarded_for;

  }

}

#------------------------------

#########################

## Splunk /HTTP Server ##

#########################

# REDIRECT+SSL-ENABLED

upstream server1 {

  server 127.0.0.1:8000;

}

server {

  server_name server1.example.com;

  listen 80;

  return 301 https://$host$request_uri;

  #rewrite ^ https://$host$request_uri? permanent;

}

server {

  server_name server1.example.com;

  listen 443 ssl;

  ssl on;

#  gzip on;

  access_log /var/log/nginx/splunk-ssl-access.log;

  error_log /var/log/nginx/splunk-ssl-error.log;

   ### ssl config - customize as per your setup ###

     ssl_certificate      /splunk/etc/auth/splunkweb/cert.pem;

     ssl_certificate_key  /splunk/etc/auth/splunkweb/privkey.pem;

     ssl_protocols        SSLv3 TLSv1 TLSv1.1 TLSv1.2;

     ssl_ciphers RC4:HIGH:!aNULL:!MD5;

     ssl_prefer_server_ciphers on;

     keepalive_timeout    70;

     ssl_session_cache    shared:SSL:10m;

     ssl_session_timeout  10m;

location / {

  port_in_redirect off;

  proxy_pass        https://server1;

  proxy_set_header  X-Real-IP  $remote_addr;

  proxy_set_header Host $http_host;

  proxy_set_header X-forwarded-for $proxy_add_x_forwarded_for;

  }

}