server {
listen 4443 ssl;
server_name 127.0.0.1;
ssl on;
ssl_certificate /usr/local/nginx/ssl/server_cert.crt;
ssl_certificate_key /usr/local/nginx/ssl/private.key;
ssl_dhparam /usr/local/nginx_ssl/ssl/dhparams.pem;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers 'AES128+EECDH:AES128+EDH:!aNULL';
proxy_redirect http:// $scheme://;
port_in_redirect on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;preload" always;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-Xss-Protection 1;
location /group1/ {
proxy_pass https://127.0.0.1:8000/group1/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}