server { listen 80; server_name nifi.example.com; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name nifi.example.com; ssl_certificate ssl/example/example.com.crt; ssl_certificate_key ssl/example/example.com.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; location / { if ($request_uri ~* "\/\/") { rewrite ^/(.*) $scheme://$host/$1 permanent; # FIXME: squeeze forward slash } proxy_set_header X-ProxyScheme https; proxy_set_header X-ProxyHost $host; proxy_set_header X-ProxyPort 443; proxy_set_header X-ProxyContextPath /; proxy_pass http://127.0.0.1:8080; } location /nifi-registry { proxy_set_header Origin http://172.16.1.9:18080; proxy_set_header X-ProxyScheme https; proxy_set_header X-ProxyHost $host; proxy_set_header X-ProxyPort 443; proxy_set_header X-ProxyContextPath /; proxy_pass http://127.0.0.1:18080; } }