svrooij · August 4, 2017 14:51
diff --git a/nginx.domain.config b/nginx.domain.config
 server {
        listen 80;
        server_name your-domain.com;
        root /your/domains/fake/root;

        # This means try to get the challenge files
        location /.well-known/acme-challenge/ {
                try_files $uri /dev/null =404;
        }

        location / {
                return 301 https://$host$request_uri;
        }
 }
 # Where your kestrel server is running.
 upstream onboard.local {
        server 127.0.0.1:8000;
 }

 server {
        listen 443 ssl http2;

        server_name your-domain.com;
        ssl on;
        ssl_session_timeout  20m;
        ssl_session_cache    shared:SSL:10m;
        ssl_certificate /etc/letsencrypt/live/fake/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/fake/privkey.pem; # managed by Certbot
        ssl_prefer_server_ciphers on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECD$
        ssl_dhparam /etc/nginx/ssl/dhparams.pem;

        location / {

                # Solution found on https://talk.plesk.com/threads/nginx-error-upstream-sent-too-big-header.338232/#post-802813
                # This fixes the 'upstream sent too big header while reading response from upstream' error
                proxy_buffering on;
                proxy_buffer_size 128k;
                proxy_buffers 4 256k;
                proxy_busy_buffers_size 256k;

                # Proxy the request to this upstream server
                proxy_pass http://onboard.local;

                # Kestrel speaks HTTP/1.1 only
                proxy_http_version 1.1;

                # Set the host on the request, this way the server knows the actual url.
                proxy_set_header Host $host;

                # Add the X-Forwarded-* headers to be used by the Microsoft.AspNetCore.HttpOverrides middleware
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Proto $scheme;

                # Send the IP of the user to kestrel
                proxy_set_header X-Real-IP $remote_addr;
        }

 }
diff --git a/Startup.cs b/Startup.cs
 ...
 using Microsoft.AspNetCore.HttpOverrides;
 ...

 namespace HttpOverrides.Sample
 {
  public class Startup
  {
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
      //... logging
      var forwarderOptions = new ForwardedHeadersOptions{
        ForwardedHeaders = ForwardedHeaders.XForwardedProto // Maybe | ForwardedHeaders.XForwardedFor
      };
      forwarderOptions.KnownNetworks.Clear(); //Needed for running in docker
      forwarderOptions.KnownProxies.Clear();  //Needed for funning in docker
      app.UseForwardedHeaders(forwarderOptions);

    }
  }
    
 }
	server {
	listen 80;
	server_name your-domain.com;
	root /your/domains/fake/root;

	# This means try to get the challenge files
	location /.well-known/acme-challenge/ {
	try_files $uri /dev/null =404;
	}

	location / {
	return 301 https://$host$request_uri;
	}
	}
	# Where your kestrel server is running.
	upstream onboard.local {
	server 127.0.0.1:8000;
	}

	server {
	listen 443 ssl http2;

	server_name your-domain.com;
	ssl on;
	ssl_session_timeout 20m;
	ssl_session_cache shared:SSL:10m;
	ssl_certificate /etc/letsencrypt/live/fake/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/fake/privkey.pem; # managed by Certbot
	ssl_prefer_server_ciphers on;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECD$
	ssl_dhparam /etc/nginx/ssl/dhparams.pem;

	location / {

	# Solution found on https://talk.plesk.com/threads/nginx-error-upstream-sent-too-big-header.338232/#post-802813
	# This fixes the 'upstream sent too big header while reading response from upstream' error
	proxy_buffering on;
	proxy_buffer_size 128k;
	proxy_buffers 4 256k;
	proxy_busy_buffers_size 256k;

	# Proxy the request to this upstream server
	proxy_pass http://onboard.local;

	# Kestrel speaks HTTP/1.1 only
	proxy_http_version 1.1;

	# Set the host on the request, this way the server knows the actual url.
	proxy_set_header Host $host;

	# Add the X-Forwarded-* headers to be used by the Microsoft.AspNetCore.HttpOverrides middleware
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Host $host;
	proxy_set_header X-Forwarded-Proto $scheme;

	# Send the IP of the user to kestrel
	proxy_set_header X-Real-IP $remote_addr;
	}

	}
	...
	using Microsoft.AspNetCore.HttpOverrides;
	...

	namespace HttpOverrides.Sample
	{
	public class Startup
	{
	public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
	{
	//... logging
	var forwarderOptions = new ForwardedHeadersOptions{
	ForwardedHeaders = ForwardedHeaders.XForwardedProto // Maybe \| ForwardedHeaders.XForwardedFor
	};
	forwarderOptions.KnownNetworks.Clear(); //Needed for running in docker
	forwarderOptions.KnownProxies.Clear(); //Needed for funning in docker
	app.UseForwardedHeaders(forwarderOptions);

	}
	}

	}