upstream backend { #ip_hash; server 10.1.0.245:81; server 10.1.0.42:81; } server { listen 80; listen 443 ssl; server_name office.dahuatech.com; ssl_certificate server.crt; ssl_certificate_key server.key; #ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; #ssl_prefer_server_ciphers on; #charset koi8-r; #access_log logs/host.access.log main; location / { proxy_pass http://backend; #Proxy Settings proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_max_temp_file_size 0; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; } server { ### server port and name ### listen 443 ssl; server_name nixcraft.in; ### SSL log files ### access_log logs/ssl-access.log; error_log logs/ssl-error.log; ### SSL cert files ### ssl_certificate ssl/nixcraft.in.crt; ssl_certificate_key ssl/nixcraft.in.key; ### Add SSL specific settings here ### keepalive_timeout 60; ### Limiting Ciphers ######################## # Uncomment as per your setup #ssl_ciphers HIGH:!ADH; #ssl_perfer_server_ciphers on; #ssl_protocols SSLv3; ############################################## ### We want full access to SSL via backend ### location / { proxy_pass http://nixcraft; ### force timeouts if one of backend is died ## proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; ### Set headers #### proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ### Most PHP, Python, Rails, Java App can use this header ### proxy_set_header X-Forwarded-Proto https; ### By default we don't want to redirect it #### proxy_redirect off; }