server { listen 80 default_server; listen 443 ssl default_server; server_name ansible.http.tests _; ssl_certificate /root/ca/ansible.http.tests-cert.pem; ssl_certificate_key /root/ca/private/ansible.http.tests-key.pem; ssl_client_certificate /root/ca/cacert.pem; ssl_verify_client optional; location =/cacert.pem { alias /usr/share/nginx/html/cacert.pem; } location =/client.key { alias /usr/share/nginx/html/client.key; } location =/client.pem { alias /usr/share/nginx/html/client.pem; } location =/ssl_client_verify { return 200 "ansible.http.tests:$ssl_client_verify"; } location / { proxy_pass http://127.0.0.1:8000; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_redirect off; } } server { listen 80; listen 443 ssl; server_name sni1.ansible.http.tests; ssl_certificate /root/ca/sni1.ansible.http.tests-cert.pem; ssl_certificate_key /root/ca/private/sni1.ansible.http.tests-key.pem; location / { return 200 "sni1.ansible.http.tests"; } } server { listen 80; listen 443 ssl; server_name sni2.ansible.http.tests; ssl_certificate /root/ca/sni2.ansible.http.tests-cert.pem; ssl_certificate_key /root/ca/private/sni2.ansible.http.tests-key.pem; location / { return 200 "sni2.ansible.http.tests"; } } server { listen 80; server_name fail.ansible.http.tests; rewrite /(.*) https://$host/$1 permanent; }