37 lines
1.4 KiB
Plaintext
37 lines
1.4 KiB
Plaintext
server {
|
|
listen 443;
|
|
server_name _;
|
|
|
|
ssl on;
|
|
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
|
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
|
|
|
ssl_client_certificate /etc/ssl/certs/ca-certificates.crt;
|
|
ssl_verify_client optional;
|
|
|
|
access_log /var/log/nginx/logtracker.example.org-access.log combined;
|
|
error_log /var/log/nginx/logtracker.example.org-error.log;
|
|
|
|
location ~ ^/static/(.+)$ {
|
|
root /;
|
|
try_files /var/lib/logtracker/collectstatic/$1
|
|
=404;
|
|
}
|
|
|
|
location / {
|
|
proxy_pass http://unix:/var/run/logtracker/logtracker.sock;
|
|
proxy_set_header Host $http_host;
|
|
proxy_set_header X-Forwarded-SSL on;
|
|
proxy_set_header X-Forwarded-Protocol ssl;
|
|
proxy_set_header X-Forwarded-Proto https;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
proxy_set_header X-SSL 1;
|
|
proxy_set_header X-SSL-Client-Verify $ssl_client_verify;
|
|
proxy_set_header X-SSL-Client-SHA1 $ssl_client_fingerprint;
|
|
proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
|
|
proxy_set_header X-SSL-Client-DN $ssl_client_s_dn;
|
|
}
|
|
}
|