I'm using SSL proxying to my squarespace.com site since they don't allow SSL. I was previously setting the HSTS header so I have some browsers that won't go to an HTTP version of my page. I need to use this proxy behavior to ensure they can still get to my page. Also, I want to make sure I haven't overlooked an issue with redirection looping.
Can I get some feedback on this configuration file? Did I leave anything out, or add anything that shouldn't be there?
# HTTP redirect for www: answers plain-HTTP requests for www.domain.com with a
# permanent redirect to the bare domain, keeping the original path and query.
server {
listen 80;
server_name www.domain.com;
# The redirect target is http://, so both this response and the follow-up
# request travel unencrypted. Browsers that still hold an HSTS policy covering
# this host upgrade to HTTPS before sending and are handled by the 443 server.
return 301 http://domain.com$request_uri;
}
# HTTP listening: default server for port 80 on IPv4 and IPv6. Every request is
# forwarded to the upstream over plain HTTP; nothing here redirects to HTTPS or
# sets Strict-Transport-Security.
server {
# default_server: this block also answers port-80 requests whose Host header
# matches no server_name in the configuration.
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
# NOTE(review): root and index look unused, because the only location ("/")
# proxies every request -- confirm before relying on them.
root /var/www/html;
index index.php index.html index.htm ;
server_name domain.com;
location / {
# $host is nginx's normalized host name (lowercase, no port). Because this is
# the default server, host names other than domain.com are forwarded too.
proxy_set_header Host $host;
proxy_pass http://192.168.2.100; # example IP, not my real IP
}
}
# HTTPS Server: terminates TLS for domain.com and www.domain.com and proxies
# every request to the upstream.
# NOTE(review): no Strict-Transport-Security header is added here and no
# ssl_protocols / ssl_ciphers are set, so the nginx defaults for the installed
# version apply -- confirm both are intended.
server {
# NOTE(review): only IPv4 is listened on here, unlike the port-80 server. If no
# other 443 server exists, this block also answers requests for any other Host.
listen 443 ssl;
ssl_certificate /etc/ssl/domain.com.chained.crt;
# The private key should be readable only by root / the nginx master process.
ssl_certificate_key /etc/ssl/nginx.key;
# Level "crit" drops everything below it, which includes ordinary proxy and
# upstream failures logged at "error" -- they will not appear in this file.
error_log /var/log/nginx/domain.error.log crit;
server_name domain.com www.domain.com;
location / {
# Location/Refresh headers from the upstream are passed through unchanged.
# NOTE(review): if the upstream redirects to an http:// URL, HSTS browsers will
# upgrade it back to https://, which is where a redirect loop could arise.
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
# Appends $remote_addr to any X-Forwarded-For the client sent; the upstream
# should trust only the last entry, since earlier ones are client-controlled.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# $http_host is the raw client-supplied Host header (port included, no
# normalization), whereas the port-80 server forwards $host.
# NOTE(review): consider $host here as well for consistency.
proxy_set_header Host $http_host;
# Custom marker header; what it means is up to the upstream.
proxy_set_header X-NginX-Proxy true;
# Clears the Connection header and speaks HTTP/1.1 to the upstream.
# NOTE(review): connection reuse also needs an upstream{} block with
# "keepalive", which is not shown here.
proxy_set_header Connection "";
proxy_http_version 1.1;
# nginx does not verify the upstream certificate unless proxy_ssl_verify is on
# (with proxy_ssl_trusted_certificate), so this hop is encrypted but not
# authenticated. NOTE(review): the port-80 server reaches the same address over
# http:// -- confirm the upstream actually serves TLS.
proxy_pass https://192.168.2.100; # example IP, not my real IP
}
}