nginx.conf

# This is not a complete Nginx configuration! It only shows the relevant parts for integrating Diaspora.
# [...]

http {

 # Your standard server configuration goes here

 # [...]

 # This vhost just redirects to HTTPS

 server {
   # If your host is not IPv6 ready use listen 80; here.
   # Add ipv6only=off to your listen directive that has default_server.
   # Or this one if this is your only vhost. Do not add it to both!
   listen [::]:80;

   server_name diaspora.example.org;
   rewrite ^/(.*) https://diaspora.example.org/$1 permanent;
  }

  # Actual proxy

  server {
    listen [::]:443; # Same rules as for listen [::]:80 apply.
    server_name diaspora.example.org;
    root /path/to/diaspora/public;

    # Configure maximum picture size
    # Note that Diaspora has a client side check set at 4M
    client_max_body_size 5M;

    # SSL setup

    ssl on;
    # This file should also include any necessary intermediate certificates
    # For example for StartSSL that would be http://www.startssl.com/certs/sub.class1.server.ca.pem
    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private_key.key;
    ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers               ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH;
    ssl_session_cache         shared:SSL:10m;
    ssl_prefer_server_ciphers on;

    # Proxy if requested file not found
    try_files $uri @diaspora;

    location @diaspora {
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_set_header Host $http_host;
      proxy_redirect off;

      proxy_pass http://diaspora_server;
    }
  }

  # Proxy destination
  # Add as many server directives as you want
  # Also takes a socket, like unix:/path/to/some/socket.sock
  upstream diaspora_server {
    server 127.0.0.1:3000;
  }
}

# [...]