spamguy · January 6, 2017 15:09
diff --git a/diplicity.conf b/diplicity.conf
 server {
    listen                     3000 ssl;
    listen                     [::]:3000;
    error_log                  /usr/local/var/log/nginx/error.log;
    access_log                 /usr/local/var/log/nginx/access.log;

    # Google DNS, Open DNS, Dyn DNS
    resolver                   8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 216.146.35.35 216.146.36.36 valid=300s;
    resolver_timeout           3s;

    ssl on;
    ssl_certificate            /Users/woram/src/dipl.io/dev_certs/server/my-server.crt.pem;
    ssl_certificate_key        /Users/woram/src/dipl.io/dev_certs/server/my-server.key.pem;
    ssl_trusted_certificate    /Users/woram/src/dipl.io/dev_certs/server/my-root-ca.crt.pem;
    ssl_stapling               off;
    ssl_stapling_verify        off;
    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers  on;
    ssl_ecdh_curve             secp384r1;
    ssl_ciphers                'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305-SHA256:ECDHE-RSA-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';

    # HTTPS redirect
    error_page 497 301 https://$host:3000$request_uri;

    location / {
        add_header             Pragma "no-cache";
        add_header             Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0";
        expires                -1;

        proxy_pass             http://127.0.0.1:8080$request_uri;
        proxy_redirect         off;
        proxy_set_header       Host $host:$server_port;
        proxy_set_header       X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header       X-Forwarded-Proto $scheme;
        proxy_set_header       X-Forwarded-Ssl on;
    }
 }
	server {
	listen 3000 ssl;
	listen [::]:3000;
	error_log /usr/local/var/log/nginx/error.log;
	access_log /usr/local/var/log/nginx/access.log;

	# Google DNS, Open DNS, Dyn DNS
	resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 216.146.35.35 216.146.36.36 valid=300s;
	resolver_timeout 3s;

	ssl on;
	ssl_certificate /Users/woram/src/dipl.io/dev_certs/server/my-server.crt.pem;
	ssl_certificate_key /Users/woram/src/dipl.io/dev_certs/server/my-server.key.pem;
	ssl_trusted_certificate /Users/woram/src/dipl.io/dev_certs/server/my-root-ca.crt.pem;
	ssl_stapling off;
	ssl_stapling_verify off;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ecdh_curve secp384r1;
	ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305-SHA256:ECDHE-RSA-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';

	# HTTPS redirect
	error_page 497 301 https://$host:3000$request_uri;

	location / {
	add_header Pragma "no-cache";
	add_header Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0";
	expires -1;

	proxy_pass http://127.0.0.1:8080$request_uri;
	proxy_redirect off;
	proxy_set_header Host $host:$server_port;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_set_header X-Forwarded-Ssl on;
	}
	}