How to configure Nginx to act as a reverse proxy to support SSL

This article explains how to install and configure Nginx as a reverse proxy so that Pyramid can be accessed over HTTPS. The configuration described also supports WebSocket, which is needed for Pyramid Pulse connections if required.

Prerequisites

  • You must already have your SSL certificate on your server (chain.pem and privkey.pem / .crt and .rsa files). You can buy an SSL certificate from a reputable source for your Pyramid site or create a self-signed one (not recommended).
  • Port 443 must be open for inbound traffic on the firewall of the server that Nginx is installed on and on any external firewalls.
  • You have purchased a public DNS record that points to your public IP address, which in turn points to the server that Nginx will be installed on.

1) Install Nginx as follows (we assume the install is being done on Ubuntu but any Linux version that Nginx supports can be used.)

sudo apt-get update
sudo apt-get install nginx

2) Create the folder called "certs" and then copy across your two certificate files to this folder.

cd /etc/nginx/
sudo mkdir certs

3) Configure Nginx by running the following commands:

sudo unlink /etc/nginx/sites-enabled/default
cd /etc/nginx/sites-available/
sudo nano reverse-proxy.conf

The last command will open a text file, and the below should be pasted into it.
(Edit the names of the "chain.pem" and "privkey.pem" to the names of your certificate files.)
If the Pyramid web server is not running on the same server, then change localhost to the name of the server on which the Pyramid web service is running.
Update "yourServername.mycompany.com" to the DNS site name that will be used to browse Pyramid.

server {
    listen 443 ssl;
    ssl_certificate /etc/nginx/certs/chain.pem;
    ssl_certificate_key /etc/nginx/certs/privkey.pem;
    server_name yourServername.mycompany.com;
    access_log /var/log/nginx/nginx.vhost.access.log;
    error_log /var/log/nginx/nginx.vhost.error.log;
    location / {
        proxy_pass http://localhost:8181;
    }
    location /events {
        proxy_pass http://localhost:8181/events;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

4) Enable the site 

sudo ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf

5) Test to make sure there are no errors and restart Nginx 

sudo service nginx configtest
sudo service nginx restart

6) Test to see if you can browse to your site using SSL and if relevant that any Pyramid Pulse servers can connect to your Pyramid instance. 
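
A pre-flight check for the certificate files from step 2, useful to run before the restart in step 5. This is an added example, not part of the original article: the function names and the 30-day expiry threshold are assumptions, and the paths in the usage comment are the ones from reverse-proxy.conf above.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): pre-flight checks for the
# certificate files copied in step 2. Function names are illustrative.

# Succeeds only if the private key has no group/other permission bits set.
key_perms_ok() {
    local bits
    # Characters 5-10 of the mode string are the group and other bits.
    bits="$(ls -ldL "$1" 2>/dev/null | cut -c5-10)"
    [ "$bits" = "------" ]
}

# Succeeds only if the key's public half equals the public key in the FIRST
# certificate of the file (nginx expects the server certificate first).
key_matches_cert() {
    local c k
    c="$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)" || return 2
    k="$(openssl pkey -in "$2" -pubout 2>/dev/null)" || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds only if the certificate is still valid N days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Runs all three checks and reports every failure, not just the first.
preflight() {
    local cert="$1" key="$2" rc=0
    key_perms_ok "$key" || { echo "FAIL: $key is missing or accessible to group/other"; rc=1; }
    key_matches_cert "$cert" "$key" || { echo "FAIL: $key does not match the first certificate in $cert"; rc=1; }
    # 30 days is an assumed renewal threshold; adjust to your own policy.
    cert_valid_for_days "$cert" 30 || { echo "FAIL: $cert is expired or expires within 30 days"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $cert and $key are ready for nginx"
    return "$rc"
}

# Usage: sudo bash preflight.sh /etc/nginx/certs/chain.pem /etc/nginx/certs/privkey.pem
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

If the permission check fails, `sudo chmod 600 /etc/nginx/certs/privkey.pem` restricts the key to its owner; the Nginx master process reads it as root.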
