.. _fronting-with-nginx: Fronting with nginx =================== It is recommended to proxy traffic to both ZoneControl and the PowerDNS Authoritative server through the `nginx webserver `_. This will catch possibly broken HTTP requests and allows for SSL termination. ZoneControl ----------- To proxy to a ZoneControl instance running on ``127.0.0.1:8083``, the following configuration is a good starting point. Don’t forget to set the ``ssl_certificate`` and ``ssl_certificate_key`` directives to your certificates and keys. .. code-block:: nginx server { # redirect to https listen 80; listen [::]:80; server_name _; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log error; location / { return 301 https://$http_host$request_uri; } } server { listen 443 ssl; listen [::]:443 ssl; server_name _; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log error; ssl_certificate /etc/ssl/public/chain.pem; ssl_certificate_key /etc/ssl/private/privkey.pem; location / { proxy_pass http://127.0.0.1:8053/; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect off; proxy_buffering off; } } PowerDNS Authoritative Server ----------------------------- Fronting the PowerDNS Authoritative Server with nginx is very similar to fronting ZoneControl. The biggest difference is that HTTP is disabled and no headers are passed to the server. Don’t forget to set the ``ssl_certificate`` and ``ssl_certificate_key`` directives to your certificates and keys. .. code-block:: nginx server { listen 443 ssl; listen [::]:443 ssl; server_name _; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log error; ssl_certificate /etc/ssl/public/chain.pem; ssl_certificate_key /etc/ssl/private/privkey.pem; location / { proxy_pass http://127.0.0.1:8081/; proxy_redirect off; proxy_buffering off; } }