esp8266.ssl.reverse.proxy.conf 3.3 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283
  1. # ESP8266 nginx SSL reverse proxy configuration file (tested and working on nginx v1.10.0)
  2. # proxy cache location
  3. proxy_cache_path /opt/etc/nginx/cache levels=1:2 keys_zone=ESP8266_cache:10m max_size=10g inactive=5m use_temp_path=off;
  4. # webserver proxy
  5. server {
  6. # general server parameters
  7. listen 50080;
  8. server_name myDomain.net;
  9. access_log /opt/var/log/nginx/myDomain.net.access.log;
  10. # SSL configuration
  11. ssl on;
  12. ssl_certificate /usr/builtin/etc/certificate/lets-encrypt/myDomain.net/fullchain.pem;
  13. ssl_certificate_key /usr/builtin/etc/certificate/lets-encrypt/myDomain.net/privkey.pem;
  14. ssl_session_cache builtin:1000 shared:SSL:10m;
  15. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  16. ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
  17. ssl_prefer_server_ciphers on;
  18. location / {
  19. # proxy caching configuration
  20. proxy_cache ESP8266_cache;
  21. proxy_cache_revalidate on;
  22. proxy_cache_min_uses 1;
  23. proxy_cache_use_stale off;
  24. proxy_cache_lock on;
  25. # proxy_cache_bypass $http_cache_control;
  26. # include the sessionId cookie value as part of the cache key - keeps the cache per user
  27. # proxy_cache_key $proxy_host$request_uri$cookie_sessionId;
  28. # header pass through configuration
  29. proxy_set_header Host $host;
  30. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  31. proxy_set_header X-Forwarded-Proto $scheme;
  32. # ESP8266 custom headers which identify to the device that it's running through an SSL proxy
  33. proxy_set_header X-SSL On;
  34. proxy_set_header X-SSL-WebserverPort 50080;
  35. proxy_set_header X-SSL-WebsocketPort 50081;
  36. # extra debug headers
  37. add_header X-Proxy-Cache $upstream_cache_status;
  38. add_header X-Forwarded-For $proxy_add_x_forwarded_for;
  39. # actual proxying configuration
  40. proxy_ssl_session_reuse on;
  41. # target the IP address of the device with proxy_pass
  42. proxy_pass http://192.168.0.20;
  43. proxy_read_timeout 90;
  44. }
  45. }
  46. # websocket proxy
  47. server {
  48. # general server parameters
  49. listen 50081;
  50. server_name myDomain.net;
  51. access_log /opt/var/log/nginx/myDomain.net.wss.access.log;
  52. # SSL configuration
  53. ssl on;
  54. ssl_certificate /usr/builtin/etc/certificate/lets-encrypt/myDomain.net/fullchain.pem;
  55. ssl_certificate_key /usr/builtin/etc/certificate/lets-encrypt/myDomain.net/privkey.pem;
  56. ssl_session_cache builtin:1000 shared:SSL:10m;
  57. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  58. ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
  59. ssl_prefer_server_ciphers on;
  60. location / {
  61. # websocket upgrade tunnel configuration
  62. proxy_pass http://192.168.0.20:81;
  63. proxy_http_version 1.1;
  64. proxy_set_header Upgrade $http_upgrade;
  65. proxy_set_header Connection "Upgrade";
  66. proxy_read_timeout 86400;
  67. }
  68. }