user nginx nginx; worker_processes 1; error_log /var/log/nginx/error_log info; events { worker_connections 1024; use epoll; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] ' '"$request" $status $bytes_sent ' '"$http_referer" "$http_user_agent" ' '"$gzip_ratio"'; client_header_timeout 10m; client_body_timeout 10m; send_timeout 10m; connection_pool_size 256; client_header_buffer_size 1k; large_client_header_buffers 4 2k; request_pool_size 4k; gzip on; gzip_min_length 1100; gzip_buffers 4 8k; gzip_types text/plain; output_buffers 1 32k; postpone_output 1460; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 75 20; ignore_invalid_headers on; ssl_session_cache shared:SSL:10m; index index.html; server { listen 127.0.0.1; server_name localhost; access_log /var/log/nginx/localhost.access_log main; error_log /var/log/nginx/localhost.error_log info; root /var/www/localhost/htdocs; } # SSL example server { listen 127.0.0.1:443; server_name localhost; ssl on; ssl_certificate /etc/ssl/nginx/nginx-server.pem; ssl_client_certificate /etc/ssl/nginx/cacert.pem; ssl_certificate_key /etc/ssl/nginx/nginx.key; ssl_verify_client optional; access_log /var/log/nginx/localhost.ssl_access_log main; error_log /var/log/nginx/localhost.ssl_error_log info; root /var/www/localhost/htdocs; set $web2pyroot /home/Desktop/source/michelecomitini-facebookaccess; location /pki/ { root /var/www/localhost/html; } location ~* ^/(\w+)/static(?:/_[\d]+\.[\d]+\.[\d]+)?/(.*)$ { alias $web2pyroot/applications/$1/static/$2; expires max; } location / { include /etc/nginx/scgi_params; scgi_pass 127.0.0.1:4000; #Module ngx_http_ssl_module supports the following built-in variables: #$ssl_cipher returns the cipher suite being used for the currently established SSL/TLS connection #$ssl_client_serial returns the serial number of the client certificate for the currently established SSL/TLS connection — if applicable, i.e., if client authentication is activated in the connection #$ssl_client_s_dn returns the subject Distinguished Name (DN) of the client certificate for the currently established SSL/TLS connection — if applicable, i.e., if client authentication is activated in the connection #$ssl_client_i_dn returns the issuer DN of the client certificate for the currently established SSL/TLS connection — if applicable, i.e., if client authentication is activated in the connection #$ssl_protocol returns the protocol of the currently established SSL/TLS connection — depending on the configuration and client available options it's one of SSLv2, SSLv3 or TLSv1 #$ssl_session_id the Session ID of the established secure connection — requires Nginx version greater or equal to 0.8.20 #$ssl_client_cert #$ssl_client_raw_cert #$ssl_client_verify takes the value "SUCCESS" when the client certificate is successfully verified scgi_param SSL_PROTOCOL $ssl_protocol; scgi_param HTTPS on; scgi_param SSL_CIPHER $ssl_cipher; scgi_param SSL_CLIENT_SERIAL $ssl_client_serial; scgi_param SSL_CLIENT_S_DN $ssl_client_s_dn; scgi_param SSL_CLIENT_I_DN $ssl_client_i_dn; scgi_param SSL_SESSION_ID $ssl_session_id; scgi_param SSL_CLIENT_CERT $ssl_client_cert; scgi_param SSL_CLIENT_RAW_CERT $ssl_client_raw_cert; scgi_param SSL_CLIENT_VERIFY $ssl_client_verify; } } }