Update nginx to use SSL
authorJeremy Tan <[email protected]>
Mon, 30 Sep 2013 04:11:38 +0000 (12:11 +0800)
committerJeremy Tan <[email protected]>
Mon, 30 Sep 2013 04:11:38 +0000 (12:11 +0800)
server-configs/gen_ssl_cert.sh [new file with mode: 0644]
server-configs/nginx/sites-enabled/mctxconfig

diff --git a/server-configs/gen_ssl_cert.sh b/server-configs/gen_ssl_cert.sh
new file mode 100644 (file)
index 0000000..1342562
--- /dev/null
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Check input params
+if [ $# -ne 1 ]; then
+       (echo "Usage: $0 common-name") 1>&2
+       exit 1
+fi
+
+# Check running as root
+if [ "$(whoami)" != "root" ]; then
+        (echo "Run $0 as root.") 1>&2
+        exit 1
+fi
+
+echo 'Making the conf dir /usr/share/nginx/conf...'
+mkdir -p /usr/share/nginx/conf
+
+echo Generating the server private key...
+openssl genrsa -out /usr/share/nginx/conf/server.key 2048
+
+echo Generating the CSR...
+openssl req -new -key /usr/share/nginx/conf/server.key \
+-out /usr/share/nginx/conf/server.csr \
+ -subj "/C=AU/ST=WA/L=Perth/O=UWA/OU=Mechatronics/CN=$1"
+
+echo Signing the certificate...
+openssl x509 -req -days 3650 -in /usr/share/nginx/conf/server.csr \
+-signkey /usr/share/nginx/conf/server.key \
+-out /usr/share/nginx/conf/server.crt
+
+
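Review bot: The private key `/usr/share/nginx/conf/server.key` is written with no explicit permission control, so depending on the OpenSSL version and root's umask it may end up world-readable; put `umask 077` before the `openssl genrsa` line or `chmod 600` the key afterwards. The script also has no error handling, so a failed `genrsa` or `req` still falls through to the signing step; `set -euo pipefail` right after the shebang would stop at the first failure. `$1` goes into `-subj` unvalidated, so a common name containing `/` would be parsed as extra subject fields; a guard such as `[[ $1 =~ ^[A-Za-z0-9.*-]+$ ]] || exit 1` rejects that. Consider passing `-sha256` to the `x509 -req` step as well, rather than relying on the build's default digest.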
index 82d972a..1be361a 100644 (file)
@@ -1,5 +1,21 @@
 server {
-       listen 80;
+       #Redirect HTTP to HTTPS
+       listen         [::]:80;
+       return 301 https://$host$request_uri;
+}
+
+server {
+       listen 443;
+
+       ssl on;
+       ssl_certificate /usr/share/nginx/conf/server.crt;
+       ssl_certificate_key /usr/share/nginx/conf/server.key;
+
+       ssl_session_timeout 5m;
+
+       ssl_protocols SSLv3 TLSv1;
+       ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
+       ssl_prefer_server_ciphers on;
 
        #Change this to match your root directory
        root /usr/share/nginx/www;
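Review bot: `ssl_protocols SSLv3 TLSv1;` and the `ssl_ciphers` string on the next line enable SSLv3 together with export-grade, LOW and RC4 suites (`+LOW`, `+EXP`, `RC4+RSA`), which undercuts most of the protection the move to HTTPS is meant to give. Restrict the server to current protocol versions and strong suites, e.g. `ssl_protocols TLSv1.2 TLSv1.3;` (as far as the installed nginx/OpenSSL build supports them) and `ssl_ciphers HIGH:!aNULL:!MD5;`. Separately, the redirect block listens only on `[::]:80` and the TLS block only on `443`; whether IPv4 port 80 and IPv6 port 443 are actually served depends on the nginx version's `ipv6only` default, so listing both address families explicitly in each block would be safer. The second `server` block continues past the end of the hunk.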
