If you’re like me your public IP space is limited (/28 in my case) and your hosting needs are diverse. Lot’s of websites behind my 1 nginx reverse proxy that you’re using right now to load this site’s content.
My configuration is pretty simple and really cool in my opinion. All of my SSL is terminated on my reverse proxy so I don’t have to manage certificates inside my network at all. While this configuration isn’t particularly exotic, I thought it might be worth sharing anyway. I bet someone will someday find good use from it:
server {
listen 80;
server_name owncloud.example.net;
rewrite ^ https://$server_name$request_uri? permanent;
}
server {
listen 443;
server_name owncloud.example.net;
ssl on;
ssl_certificate /etc/nginx/conf.d/ssl/owncloud.example.net.bundle.crt;
ssl_certificate_key /etc/nginx/conf.d/ssl/owncloud.example.net.key;
# Ridiculously high timeout due to long requests for uploads
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /var/log/nginx/owncloud.example.net.log main;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering off;
proxy_set_header Connection "Keep-Alive";
# Allow uploads up to 16GB in size
client_max_body_size 16000m;
# transparently handle requests to server root
location / {
rewrite ^ https://owncloud.example.net/owncloud$request_uri redirect;
}
location /owncloud {
# owncloud.example.local is your actual owncloud server inside your network
proxy_pass http://owncloud.example.local:80/owncloud;
}
}
This works, not only the web client but also the mobile and desktop clients. I put in the neat rewrite rule so that users can just type the server name and don’t have to get excited about the owncloud URI component. ownCloud is installed using default configurations on the internal server, no complex configurations or anything there. I love nginx reverse proxying.