월요일, 5월 27, 2024
HomeLinuxhow to ubuntu 14.04 nginx SSL

how to ubuntu 14.04 nginx SSL

how to ubuntu 14.04 nginx SSL

1. 개인키 생성 

openssl genrsa -des3 -out yourdomain.com.key 4096         

Generating RSA private key, 4096 bit long modulus                 
......................................................................++                   
..........................................................++                     
e is 65537 (0x10001)                       
Enter pass phrase for yourdomain.com.key: yourpasswd               
Verifying - Enter pass phrase for yourdomain.com.key:   

2. CSR 생성

openssl req -new -key yourdomain.com.key -out yourdomain.com.csr

Enter pass phrase for yourdomain.com.key:                 
You are about to be asked to enter information that will be incorporated           
into your certificate request.                     
What you are about to enter is what is called a Distinguished Name or a DN.           
There are quite a few fields but you can leave some blank               
For some fields there will be a default value,                 
If you enter '.', the field will be left blank.                   
-----                         
Country Name (2 letter code) [AU]:                   
State or Province Name (full name) [Some-State]:               
Locality Name (eg, city) []:                   
Organization Name (eg, company) [Internet Widgits Pty Ltd]:      
Organizational Unit Name (eg, section) []:      
Common Name (e.g. server FQDN or YOUR name) []:yourdomain.com           
Email Address []:youremail@yourdomain.com               
Please enter the following 'extra' attributes                 
to be sent with your certificate request                   
A challenge password []: enter                     
An optional company name []: enter 

3. 자체 서명된 SSL 인증서 생성

openssl x509 -req -days 365 -in yourdomain.com.csr -signkey yourdomain.com.key -out yourdomain.com.crt

4. nginx conf

server {
       listen 443;
       listen localhost:443;
       server_name localhost;

       charset utf-8;

       ssl on;

       ssl_certificate /nginx/security/yourdomain.com.crt;
       ssl_certificate_key /nginx/security/yourdomain.com.key;

       ssl_session_timeout 5m;
       ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
       ssl_ciphers RC4:HIGH:!aNULL:!MD5;
       ssl_prefer_server_ciphers on;

       root /var/html/;

       index index.html index.php;

       error_page 403 = /403.html;
       error_page 404 = /404.html;

       client_max_body_size 20M;
       client_body_buffer_size 128k;

       location / {
               try_files $uri $uri/ =404;
       }

       location ~ \.php$ {
              try_files $uri =404;
              fastcgi_split_path_info ^(.+\.php)(.*)$;
              fastcgi_pass   unix:/var/run/php5-fpm.sock;
              fastcgi_index  index.php;
              fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
              include        fastcgi_params;
              include mime.types;
       }
}
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Time limit exceeded. Please complete the captcha once again.

Most Popular