taka-wang · August 29, 2015 14:00
diff --git a/nginx.conf b/nginx.conf
 upstream nodejs {  
    server 127.0.0.1:3000;  
 }

 server {  
    listen 443;  
    ssl  on;  
    server_name localhost;  
    ssl_certificate       /etc/nginx/certs/server.crt;  
    ssl_certificate_key   /etc/nginx/certs/server.key;  
    ssl_client_certificate /etc/nginx/certs/ca.crt;  
    ssl_verify_client  optional; # on  
    
    add_header Strict-Transport-Security max-age=500;  
   
    location / {  
        proxy_pass http://nodejs;  
        proxy_redirect off;  
        proxy_set_header Host $host ;  
        proxy_set_header X-Real-IP $remote_addr ;  
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;  
        proxy_set_header X-Forwarded-Proto https;  
    }  
 } 
diff --git a/test.sh b/test.sh
 curl -v -s -k --key client.key --cert client.crt https://example.com 
 wget --certificate=client.crt --private-key=client.key --no-check-certificate https://example.com -qO-
	upstream nodejs {
	server 127.0.0.1:3000;
	}

	server {
	listen 443;
	ssl on;
	server_name localhost;
	ssl_certificate /etc/nginx/certs/server.crt;
	ssl_certificate_key /etc/nginx/certs/server.key;
	ssl_client_certificate /etc/nginx/certs/ca.crt;
	ssl_verify_client optional; # on

	add_header Strict-Transport-Security max-age=500;

	location / {
	proxy_pass http://nodejs;
	proxy_redirect off;
	proxy_set_header Host $host ;
	proxy_set_header X-Real-IP $remote_addr ;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
	proxy_set_header X-Forwarded-Proto https;
	}
	}
	curl -v -s -k --key client.key --cert client.crt https://example.com
	wget --certificate=client.crt --private-key=client.key --no-check-certificate https://example.com -qO-