HTTPS Proxy
# Plain-HTTP virtual host for lily.domain.id; its only job is to send clients to HTTPS.
# No listen directive is given, so nginx's default listen socket applies
# (port 80 when nginx is started with superuser privileges).
server {
    server_name lily.domain.id;

    # The redirect target is built from $server_name (the configured name above),
    # not from the client-supplied Host header, so the destination host is fixed.
    return 301 https://$server_name$request_uri;
}
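# HTTPS reverse proxy for lily.domain.id. TLS terminates here; the hop to the
# backend at 192.168.212.103 is plain HTTP.
# NOTE(review): this is the first port-443 server on the page. Unless another
# block elsewhere is marked default_server, requests for unknown names land
# here and are proxied with the Host header the client sent.
server {
    # The ssl parameter on listen replaces the deprecated "ssl on;" directive,
    # which current nginx releases no longer accept.
    listen 443 ssl;
    server_name lily.domain.id;

    ssl_certificate     /etc/letsencrypt/live/lily.domain.id/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/lily.domain.id/privkey.pem;
    ssl_session_timeout 1d;
    # Only TLS 1.2 is offered. TLSv1.3 can be added if the installed
    # nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;

    # HSTS for about six months. "always" makes nginx send the header
    # regardless of response code, including its own error pages.
    add_header Strict-Transport-Security "max-age=15768000" always;

    location / {
        proxy_pass http://192.168.212.103;
        proxy_redirect off;

        # $http_host is the raw Host header from the client; the backend
        # should not treat it as validated.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to any X-Forwarded-For value the client supplied, so only the
        # last entry (added by this proxy) is trustworthy to the backend.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}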
# HTTP-to-HTTPS redirect for magnolia.domain.id.
# Without a listen directive nginx falls back to its default listen socket.
server {
    server_name magnolia.domain.id;

    # Permanent redirect that keeps the original path and query string; the host
    # part comes from the configured server_name, not from the request.
    return 301 https://$server_name$request_uri;
}
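# HTTPS reverse proxy for magnolia.domain.id. TLS ends at this proxy and the
# request continues to 192.168.212.108 over unencrypted HTTP.
server {
    # "listen 443 ssl" enables TLS on the socket; the separate "ssl on;"
    # directive is deprecated and rejected by current nginx releases.
    listen 443 ssl;
    server_name magnolia.domain.id;

    ssl_certificate     /etc/letsencrypt/live/magnolia.domain.id/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/magnolia.domain.id/privkey.pem;
    ssl_session_timeout 1d;
    # TLS 1.2 only; older protocol versions are not offered.
    ssl_protocols TLSv1.2;

    # Six-month HSTS policy, sent on every response code thanks to "always".
    add_header Strict-Transport-Security "max-age=15768000" always;

    location / {
        proxy_pass http://192.168.212.108;
        proxy_redirect off;

        # Host is forwarded exactly as the client sent it.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # Client-supplied X-Forwarded-For entries are kept and $remote_addr is
        # appended; the backend should rely on the final entry only.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}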
# Reverse proxy for rose.domain.id.
# NOTE(review): unlike the other hosts on this page, this one has no HTTPS
# listener and no redirect, so traffic is served over plain HTTP end to end.
# Whether that is intentional cannot be told from this page.
server {
    server_name rose.domain.id;

    location / {
        # Host is passed through exactly as the client sent it.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends this connection's address to any client-supplied list.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # $scheme is "http" for requests that reach this server block.
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass http://192.168.212.110;
    }
}
# Plain-HTTP entry point for jasmine.domain.id; it only redirects to HTTPS.
# The listen socket is nginx's default because none is declared here.
server {
    server_name jasmine.domain.id;

    # 301 to the same URI on HTTPS, with the host taken from server_name.
    return 301 https://$server_name$request_uri;
}
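# HTTPS reverse proxy for jasmine.domain.id. The backend at 192.168.212.112
# is reached over plain HTTP after TLS is terminated here.
server {
    # TLS is enabled through the listen parameter; the deprecated "ssl on;"
    # form fails on current nginx releases.
    listen 443 ssl;
    server_name jasmine.domain.id;

    ssl_certificate     /etc/letsencrypt/live/jasmine.domain.id/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/jasmine.domain.id/privkey.pem;
    ssl_session_timeout 1d;
    # Restricts negotiation to TLS 1.2.
    ssl_protocols TLSv1.2;

    # HSTS (about six months). With "always" the header is also attached to
    # error responses, not just successful ones.
    add_header Strict-Transport-Security "max-age=15768000" always;

    location / {
        proxy_pass http://192.168.212.112;
        proxy_redirect off;

        # Raw client Host header is forwarded unchanged.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # The client can pre-populate X-Forwarded-For; only the last entry is
        # written by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}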
# Redirect-only virtual host for orchid.domain.id on nginx's default listen socket.
server {
    server_name orchid.domain.id;

    # Sends every request to the HTTPS site; the host in the Location header is
    # the configured server_name rather than anything the client supplied.
    return 301 https://$server_name$request_uri;
}
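# HTTPS reverse proxy for orchid.domain.id. TLS is terminated at the proxy and
# requests are relayed to 192.168.212.113 over HTTP.
server {
    # Replaces "listen 443;" plus the deprecated "ssl on;", which current nginx
    # releases refuse to load.
    listen 443 ssl;
    server_name orchid.domain.id;

    ssl_certificate     /etc/letsencrypt/live/orchid.domain.id/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/orchid.domain.id/privkey.pem;
    ssl_session_timeout 1d;
    # TLS 1.2 is the only protocol version enabled.
    ssl_protocols TLSv1.2;

    # HSTS with a six-month max-age; "always" covers all response codes.
    add_header Strict-Transport-Security "max-age=15768000" always;

    location / {
        proxy_pass http://192.168.212.113;
        proxy_redirect off;

        # The Host header reaches the backend as sent by the client.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # Existing X-Forwarded-For values from the client are preserved and
        # extended, so earlier entries are unverified.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}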
Configure Nessus for public access.
# Plain-HTTP virtual host for nessus.domain.id; it never proxies to the scanner,
# it only redirects to the HTTPS site. Uses nginx's default listen socket.
server {
    server_name nessus.domain.id;

    # Redirect host comes from server_name, so a forged Host header cannot
    # change where the client is sent.
    return 301 https://$server_name$request_uri;
}
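# HTTPS reverse proxy in front of the Nessus web interface. The upstream at
# 192.168.200.101:8834 is itself reached over HTTPS.
# NOTE(review): a scanner console exposes findings and scan configuration.
# Basic auth is the only gate added here; consider also limiting this host to
# known source addresses with allow/deny.
server {
    # The ssl parameter replaces the deprecated "ssl on;" directive, which
    # current nginx releases no longer accept.
    listen 443 ssl;
    server_name nessus.domain.id;

    ssl_certificate     /etc/letsencrypt/live/nessus.domain.id/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/nessus.domain.id/privkey.pem;
    ssl_session_timeout 1d;
    # Only TLS 1.2 is offered to clients.
    ssl_protocols TLSv1.2;

    # HSTS for about six months; "always" sends it on every response code,
    # including the 401 returned while Basic auth is pending.
    add_header Strict-Transport-Security "max-age=15768000" always;

    location / {
        # set max upload size
        client_max_body_size 512M;

        # NOTE(review): the two fastcgi_* directives apply to fastcgi_pass and
        # have no effect in a proxy_pass location. The notes they cite are not
        # on this page.
        fastcgi_buffers 8 4K; # Please see note 1
        fastcgi_ignore_headers X-Accel-Buffering; # Please see note 2
        gzip off;

        # Extra HTTP Basic authentication layer enforced by nginx. The
        # credentials accompany every request, so this relies on the TLS
        # listener above; keep the htpasswd file readable only by nginx.
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;

        proxy_pass https://192.168.200.101:8834;

        # NOTE(review): with proxy_ssl_verify off, nginx does not validate the
        # upstream certificate and the trusted-certificate file below is never
        # consulted; the hop to Nessus is encrypted but not authenticated.
        # Enabling verification requires the upstream certificate to match the
        # name nginx checks (proxy_ssl_name), so test before switching it on.
        proxy_ssl_trusted_certificate /usr/share/nessus/CA/servercert.pem;
        proxy_ssl_verify off;
        proxy_ssl_server_name on;

        proxy_redirect off;
        # Host is forwarded exactly as the client sent it.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to any client-supplied X-Forwarded-For; only the final entry
        # is written by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Wait up to 600 seconds for the upstream to send data.
        proxy_read_timeout 600;
    }
}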
Finish.
Troubleshooting
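If an SSL error occurs with this configuration, use proxy_ssl_trusted_certificate
instead of proxy_ssl_certificate. (proxy_ssl_trusted_certificate names the CA file nginx uses to verify the upstream server's certificate; proxy_ssl_certificate is the client certificate nginx presents to the upstream.)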