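# nginx.conf: TLS-terminating reverse proxy that requires a client certificate
# and forwards the verified certificate details to a backend over plain HTTP.
#
# NOTE(review): the source listing was collapsed onto two lines and had its
# letter case and spacing mangled. Directive names, variables and paths are
# restored to their conventional lower-case form below; values that were
# unreadable in the source are marked where they occur.

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    # The value was garbled in the source ("$"); 65 is the stock
    # Debian/Ubuntu default. Confirm against the real file.
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # Values on the next line were garbled in the source ("-"); 64 is the stock default.
    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    #ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    # NOTE(review): the source is ambiguous about whether "gzip on" was
    # commented out; it is active in the stock file and kept active here.
    gzip on;
    gzip_disable "msie6";

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;   # garbled in the source ("-8k"); stock default shown
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

    server {
        server_name 192.168.62.132;

        # "listen 443; ssl on;" replaced: the standalone "ssl" directive is
        # deprecated and removed in current nginx; the listen parameter is the
        # supported form.
        listen 443 ssl;

        # File names were upper-cased in the source. Paths are case-sensitive,
        # so adjust these to the actual on-disk names.
        ssl_certificate         /etc/nginx/ca/nginx.crt;
        ssl_certificate_key     /etc/nginx/ca/key.pem;

        # CA bundle used to verify client certificates, plus its CRL.
        # nginx reads the CRL only when the configuration is (re)loaded, so a
        # refreshed CRL takes effect after "nginx -s reload", not automatically.
        ssl_client_certificate  /etc/nginx/ca/ca.pem;
        ssl_crl                 /etc/nginx/ca/managementca.crl;

        ssl_session_timeout 5m;

        # Was "TLSv1 TLSv1.1 TLSv1.2". TLS 1.0 and 1.1 are deprecated; add
        # TLSv1.3 here if the installed nginx/OpenSSL build supports it.
        ssl_protocols TLSv1.2;

        # Was "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP",
        # which explicitly admits RC4, LOW, export-grade and SSLv2 suites.
        # Restrict to strong suites and exclude unauthenticated ones.
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # OCSP stapling covers this server's own certificate only; revocation
        # of client certificates relies on ssl_crl above.
        ssl_stapling on;
        ssl_stapling_responder http://192.168.62.132:8080/ejbca/publicweb/status/ocsp;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/nginx/ca/full.pem;

        ssl_verify_depth 2;
        # "on" rejects any request without a certificate that validates
        # against ssl_client_certificate, so only verified clients are proxied.
        ssl_verify_client on;

        location / {
            # The backend speaks plain HTTP, so rewrite an https:// Destination
            # header (used by WebDAV COPY/MOVE) to http:// before forwarding.
            set $fixed_destination $http_destination;
            if ($http_destination ~* ^https(.*)$) {
                set $fixed_destination http$1;
            }

            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Destination $fixed_destination;

            # Client-certificate details handed to the backend. The backend
            # trusts these headers as an identity assertion, so it must accept
            # connections only from this proxy (bind it to loopback or firewall
            # port 18080); otherwise a direct connection can supply arbitrary
            # values. Header names with underscores are dropped or renamed by
            # some servers and frameworks. Verify the backend receives them.
            #
            # $ssl_client_cert is deprecated in nginx in favour of
            # $ssl_client_escaped_cert; it is kept because switching changes
            # the encoding the backend has to parse.
            proxy_set_header ssl_client_cert $ssl_client_cert;
            #proxy_set_header ssl_client_fingerprint $ssl_client_fingerprint;
            #proxy_set_header ssl_client_raw_cert $ssl_client_raw_cert;
            proxy_set_header ssl_client_serial $ssl_client_serial;
            proxy_set_header ssl_client_s_dn $ssl_client_s_dn;
            proxy_set_header ssl_client_i_dn $ssl_client_i_dn;
            proxy_set_header ssl_client_verify $ssl_client_verify;

            proxy_pass http://192.168.62.132:18080;
        }
    }
}

#mail {
#    # See sample authentication script at:
#    # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#    # auth_http localhost/auth.php;
#    # pop3_capabilities "TOP" "USER";
#    # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#    server {
#        listen     localhost:110;
#        protocol   pop3;
#        proxy      on;
#    }
#
#    server {
#        listen     localhost:143;
#        protocol   imap;
#        proxy      on;
#    }
#}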
My nginx configuration file