|
|
@@ -0,0 +1,33 @@ |
|
|
|
user nobody nogroup; |
|
|
|
worker_processes auto; |
|
|
|
|
|
|
|
events { |
|
|
|
worker_connections 512; |
|
|
|
} |
|
|
|
|
|
|
|
http { |
|
|
|
upstream app { |
|
|
|
server app:4567; |
|
|
|
} |
|
|
|
|
|
|
|
server { |
|
|
|
listen *:443; |
|
|
|
ssl on; |
|
|
|
server_name ""; |
|
|
|
|
|
|
|
ssl_certificate /etc/nginx/certs/server.crt; |
|
|
|
ssl_certificate_key /etc/nginx/certs/server.key; |
|
|
|
ssl_client_certificate /etc/nginx/certs/ca.crt; |
|
|
|
# @todo this could be made 'optional' so taht |
|
|
|
# some connections are allowed to public |
|
|
|
# endpooints |
|
|
|
ssl_verify_client on; |
|
|
|
|
|
|
|
root /usr/share/nginx/html; |
|
|
|
|
|
|
|
location /app/ { |
|
|
|
proxy_pass http://app/; |
|
|
|
proxy_set_header X-ClientCert-DN $ssl_client_s_dn; |
|
|
|
} |
|
|
|
} |
|
|
|
} |
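Review bot: In `location /app/` the upstream receives `X-ClientCert-DN` as its only identity signal, which is sound only while `ssl_verify_client on;` rejects unverified handshakes. If the `@todo` is followed and the setting becomes `optional`, requests without a verified certificate will reach the app with an empty DN, so I would also forward the verification result with `proxy_set_header X-ClientCert-Verify $ssl_client_verify;` and extend the comment to say the app must refuse anything other than `SUCCESS`. The hop to `app:4567` is plain HTTP, so the header is trustworthy only if that port is reachable from this proxy alone; this is presumably handled by the container network, but it is worth a comment next to the `upstream` block. Separately, `ssl on;` is deprecated in current nginx in favour of `listen *:443 ssl;`, and the server block sets no `ssl_protocols`, so the accepted TLS versions depend on the nginx build's defaults.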