From 6cbbb4b56798e0445109b6aef3810fbdd651f92f Mon Sep 17 00:00:00 2001
From: Serghei Mihai
Date: Wed, 20 May 2015 15:48:32 +0200
Subject: [PATCH] nginx configure example
---
README | 40 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
diff --git a/README b/README
index e69de29..96602a1 100644
--- a/README
+++ b/README
@@ -0,0 +1,40 @@
+== Configure Nginx to launch SSL authentication ==
+
+Configure urls requiring SSL authentication
+
+server {
+ listen 8443;
+
+ server_name example.com;
+
+ ssl on;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH$
+ ssl_prefer_server_ciphers on;
+
+ ssl_certificate /etc/ssl/certs/example.com.pem;
+ ssl_certificate_key /etc/ssl/private/example.com.key;
+ ssl_verify_client optional_no_ca;
+
+ location / {
+ return 301 https://$host/;
+ }
+
+ location ~ ^/accounts/beid/(signin|add) {
+ proxy_pass http://localhost:8000;
+ proxy_read_timeout 600;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-SSL off;
+ proxy_set_header X-Forwarded-Protocol ssl;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_set_header Ssl-Client-I-Dn $ssl_client_i_dn;
+ proxy_set_header Ssl-Client-S-Dn $ssl_client_s_dn;
+ proxy_set_header Ssl-Client-Serial $ssl_client_serial;
+ proxy_set_header Ssl-Client-Cert $ssl_client_cert;
+ }
+
+}
+
+
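Review bot: `ssl_verify_client optional_no_ca;` makes nginx request a client certificate without validating its chain, so the `Ssl-Client-S-Dn`, `Ssl-Client-I-Dn` and `Ssl-Client-Serial` headers set in the `/accounts/beid/` location carry values from whatever certificate the client presents, self-signed included. The README should say that the backend has to verify `Ssl-Client-Cert` against the expected issuing CA before trusting those fields, for example with a comment above the directive: `# nginx does not verify the chain here; the application must validate Ssl-Client-Cert itself`. If verification is meant to happen in nginx instead, the example would use `ssl_verify_client optional;` with `ssl_client_certificate <path-to-CA-bundle>;` and forward `proxy_set_header Ssl-Client-Verify $ssl_client_verify;`. Separately, `ssl_protocols` still lists TLSv1 and TLSv1.1, and `X-Forwarded-SSL off` / `X-Forwarded-Proto http` contradict `X-Forwarded-Protocol ssl` on a TLS listener, which looks unintended.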