Thanks, so in my NAT'ed case using cwp-el7-latest, under /etc/nginx/conf.d, there are two Nginx config files: one with domain name and the other is ip address number. Which one or how should I change?
1. Public_IP_number.conf pointing to local IP address, such as 172.217.6.46.conf:
server {
listen 192.168.0.1:80;
....
server_name 172.217.6.46;
root /usr/local/apache/htdocs;
.....
proxy_pass http://192.168.0.1:8181;
include proxy.inc;
...
}
2. my.domain.name.conf, such as google.com.conf
server {
listen 192.168.0.1:80;
..
server_name google.com www.google.com;
root /home/user/public_html;
...
proxy_pass http://192.168.0.1:8181;
include proxy.inc;
}
I need to add the following lines to Nginx config, but what is my IP? the local one or the public one?
source: http://forum.centos-webpanel.com/ssl/if-i-force-ssl-across-my-domain-will-i-loose-the-benfits-of-varnishnginx
listen YOUR_IP:443 ssl;
ssl_certificate path_to/cert.pem;
ssl_certificate_key path_to/privkey.pem;
Will the Nginx change above alter mod_security? Really appreciate your comments and have a great weekend!
In the ip and my domain conf change the port to 443 so that that server listens to that port
listen YOUR_IP:443 ssl;
public ip
wha u just did (more for my brains then yours)
u came from nginx on port 80 passing to proxy apache port8181
Now u changed nginx to listen to port 443
only need to rewrite requests from port 80 to 443
server {
listen 80;
server_name my.domain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name my.domain.com;
# add Strict-Transport-Security to prevent man in the middle attacks
add_header Strict-Transport-Security "max-age=31536000";
[....]
}