worker_processes 1;
daemon off;
events {
multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
error_log stderr info;
# Gateway
server {
listen 8080;
server_name _;
location / {
proxy_pass https://127.0.0.1:8443;
proxy_ssl_certificate certs/client.crt;
proxy_ssl_certificate_key certs/client.key;
proxy_ssl_trusted_certificate certs/ca.crt;
proxy_ssl_verify off;
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;
# proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# proxy_ssl_ciphers HIGH:!aNULL:!MD5;
}
}
# Upstream
server {
listen 8443 ssl;
server_name _;
ssl_certificate certs/server.crt;
ssl_certificate_key certs/server.key;
# ssl_password_file certs/password_file;
ssl_client_certificate certs/ca.crt;
# ssl_verify_client optional_no_ca; # | optional | off | on
ssl_verify_client on;
location / {
return 200 "\rhello!";
}
}
}