nginxでssl offloadしてtomcatをバックに置く場合の簡易設定メモです。 nginx /etc/nginx/conf.d/app.conf upstream app { server localhost:8080; keepalive 16; } server { listen *:443 default_server; server_name app.example.com; server_tokens off; # ssl ssl on; ssl_certificate /etc/nginx/certs/app/certificate.crt; ssl_certificate_key /etc/nginx/certs/app/rsa-secret.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!AD