72 lines
1.6 KiB
Text
72 lines
1.6 KiB
Text
server {
|
|
listen 80 default_server;
|
|
listen 443 ssl default_server;
|
|
|
|
server_name ansible.http.tests _;
|
|
|
|
ssl_certificate /root/ca/ansible.http.tests-cert.pem;
|
|
ssl_certificate_key /root/ca/private/ansible.http.tests-key.pem;
|
|
|
|
ssl_client_certificate /root/ca/cacert.pem;
|
|
ssl_verify_client optional;
|
|
|
|
location =/cacert.pem {
|
|
alias /usr/share/nginx/html/cacert.pem;
|
|
}
|
|
|
|
location =/client.key {
|
|
alias /usr/share/nginx/html/client.key;
|
|
}
|
|
|
|
location =/client.pem {
|
|
alias /usr/share/nginx/html/client.pem;
|
|
}
|
|
|
|
location =/ssl_client_verify {
|
|
return 200 "ansible.http.tests:$ssl_client_verify";
|
|
}
|
|
|
|
location / {
|
|
proxy_pass http://127.0.0.1:8000;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header Host $http_host;
|
|
proxy_redirect off;
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
listen 443 ssl;
|
|
|
|
server_name sni1.ansible.http.tests;
|
|
|
|
ssl_certificate /root/ca/sni1.ansible.http.tests-cert.pem;
|
|
ssl_certificate_key /root/ca/private/sni1.ansible.http.tests-key.pem;
|
|
|
|
location / {
|
|
return 200 "sni1.ansible.http.tests";
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
listen 443 ssl;
|
|
|
|
server_name sni2.ansible.http.tests;
|
|
|
|
ssl_certificate /root/ca/sni2.ansible.http.tests-cert.pem;
|
|
ssl_certificate_key /root/ca/private/sni2.ansible.http.tests-key.pem;
|
|
|
|
location / {
|
|
return 200 "sni2.ansible.http.tests";
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
|
|
server_name fail.ansible.http.tests;
|
|
|
|
rewrite /(.*) https://$host/$1 permanent;
|
|
}
|