Recently, I encountered an interesting task: I had to create a proxy with Apache or nginx for a WebLogic application. This article is about that.

The overall configuration is as follows:

worker_processes  1;

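# One error_log per file is enough; three active directives pointing at
# the same file write each message several times.
error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;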

pid        logs/nginx.pid;


events {  
    worker_connections  1024;
}


http {  
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    keepalive_timeout  65;

    # 1
    proxy_buffer_size   128k;
    proxy_buffers   4 256k;
    proxy_busy_buffers_size   256k;

    # Redirect all http to https
    server {
        listen 80;
        server_name example.com;
        # 2
        return 301 https://$server_name$request_uri;
    }

    # SSL configuration
    server {
        #3
        listen 443 ssl;
        server_name example.com;

        ssl_certificate           certs/example.com.cer;
        ssl_certificate_key       certs/example.com.key;

        # Default SSL configuration
        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        #4
        ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED";
        ssl_prefer_server_ciphers on;

        #5
        add_header Strict-Transport-Security max-age=31536000;

        access_log            logs/nginx/access.log;

        location / {
            proxy_set_header        Host $host;
            proxy_set_header        X-Real-IP $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header        X-Forwarded-Proto $scheme;
            proxy_set_header        X-Front-End-Https on;

            # Fix the "It appears that your reverse proxy set up is broken" error.
            #6
            proxy_pass          http://localhost:8282;
            proxy_read_timeout  90;

            # Server is configured to answer as http request, so forward it to https
            #7
            proxy_redirect      http://example.com/ https://example.com/;
        }
    }

}

It's a quite common configuration for HTTP-to-HTTPS forwarding with nginx. I grabbed it from the official website, and this article adds some minor information about the configuration, so you'll get a basic understanding of what is going on in this config file.

#1 - while using a proxy you could encounter the following error:

[error] 2007#0: *5778 upstream sent too big header while reading response header from upstream:

Setting the proxy buffer sizes resolves this error. It's a really important part of the configuration, because without it you'll receive a 502 or 503 error and you won't be able to continue working with your website.

#2 - this is the recommended way to redirect to another URL. If you have previous experience with nginx you could use what you already know, but this is the recommended way to redirect users to HTTPS.

#3 - this is also a recommendation; you could use the directive ssl on; instead. I think this way of enabling SSL is more convenient and readable.

#4 - this huge list of ciphers was taken from a StackOverflow question. It allows modern encryption algorithms while still supporting older browsers.

#5 - this header (HTTP Strict Transport Security) helps prevent man-in-the-middle attacks. It tells the visitor's browser that the website uses HTTPS, so for the max-age period the browser connects to it over HTTPS only.

#6 - this line specifies the address and port that requests are proxied to. With this you can run several web servers on one machine and proxy different URIs to them.

#7 - the backend web server doesn't know that SSL is used in front of it, so it answers with plain http:// URLs. This could cause a Mixed content error, so proxy_redirect rewrites the http:// prefix in the backend's redirect headers to https://.
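
A tightened variant of the HTTPS server block covering items #3 to #5 and #7, added here as an example and not taken from the author's setup. It assumes nginx 1.13.0 or later built against OpenSSL 1.1.1 or later (needed for TLSv1.3) and gives up the old-browser support that item #4 keeps; the hostname, certificate paths and backend port are the ones used above.

```nginx
server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     certs/example.com.cer;
    ssl_certificate_key certs/example.com.key;

    # was: ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996). Clients that can only
    # speak them can no longer connect; that is the trade-off against #4.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Forward-secret AEAD suites only. This list applies to TLS 1.2;
    # the TLS 1.3 suites are not controlled by this directive.
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384";
    ssl_prefer_server_ciphers on;

    # was: add_header Strict-Transport-Security max-age=31536000;
    # Without "always" nginx adds the header only to responses with code
    # 200, 201, 204, 206, 301, 302, 303, 304, 307 or 308, so error pages
    # (for example a 502 from the backend) go out without HSTS.
    add_header Strict-Transport-Security "max-age=31536000" always;

    access_log logs/nginx/access.log;

    location / {
        # add_header is inherited from the server level only while this
        # location has no add_header of its own. If one is added here,
        # repeat the Strict-Transport-Security line here as well.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For the client sent, so the backend should trust
        # only the last entry.
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Front-End-Https on;

        proxy_pass         http://localhost:8282;
        proxy_read_timeout 90;

        # Item #7: rewrite absolute http:// redirects from the backend.
        proxy_redirect     http://example.com/ https://example.com/;
    }
}
```

Run nginx -t after changing the file to check the syntax before reloading.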