From 50183d6a5cd89f8eff2cbe12262b46f5ec68d8a2 Mon Sep 17 00:00:00 2001
From: Jeremy Tan
Date: Mon, 30 Sep 2013 12:11:38 +0800
Subject: [PATCH] Update nginx to use SSL
---
 server-configs/gen_ssl_cert.sh | 31 +++++++++++++++++++
 server-configs/nginx/sites-enabled/mctxconfig | 18 ++++++++++-
 2 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 server-configs/gen_ssl_cert.sh
diff --git a/server-configs/gen_ssl_cert.sh b/server-configs/gen_ssl_cert.sh
new file mode 100644
index 0000000..1342562
--- /dev/null
+++ b/server-configs/gen_ssl_cert.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Check input params
+if [ $# -ne 1 ]; then
+ (echo "Usage: $0 common-name") 1>&2
+ exit 1
+fi
+
+# Check running as root
+if [ "$(whoami)" != "root" ]; then
+ (echo "Run $0 as root.") 1>&2
+ exit 1
+fi
+
+echo 'Making the conf dir /usr/share/nginx/conf...'
+mkdir -p /usr/share/nginx/conf
+
+echo Generating the server private key...
+openssl genrsa -out /usr/share/nginx/conf/server.key 2048
+
+echo Generating the CSR...
+openssl req -new -key /usr/share/nginx/conf/server.key \
+-out /usr/share/nginx/conf/server.csr \
+ -subj "/C=AU/ST=WA/L=Perth/O=UWA/OU=Mechatronics/CN=$1"
+
+echo Signing the certificate...
+openssl x509 -req -days 3650 -in /usr/share/nginx/conf/server.csr \
+-signkey /usr/share/nginx/conf/server.key \
+-out /usr/share/nginx/conf/server.crt
+
+
diff --git a/server-configs/nginx/sites-enabled/mctxconfig b/server-configs/nginx/sites-enabled/mctxconfig
index 82d972a..1be361a 100644
--- a/server-configs/nginx/sites-enabled/mctxconfig
+++ b/server-configs/nginx/sites-enabled/mctxconfig
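Review bot: The private key produced by `openssl genrsa -out /usr/share/nginx/conf/server.key 2048` gets whatever mode the current umask yields, so with a typical root umask of 022 it may be readable by every local user (some newer OpenSSL builds may restrict the mode themselves, which is not visible here). Adding `umask 077` before the `openssl genrsa` line, or `chmod 600 /usr/share/nginx/conf/server.key` straight after it, would close that. None of the three openssl calls is checked, so a failed `genrsa` still runs `req` and `x509`; `set -e` after the shebang would stop at the first failure. `$1` is placed into `-subj` unvalidated, so a common name containing `/` would be parsed as extra subject fields; rejecting `/` in the argument check would avoid that.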
@@ -1,5 +1,21 @@
 server {
- listen 80;
+ #Redirect HTTP to HTTPS
+ listen [::]:80;
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443;
+
+ ssl on;
+ ssl_certificate /usr/share/nginx/conf/server.crt;
+ ssl_certificate_key /usr/share/nginx/conf/server.key;
+
+ ssl_session_timeout 5m;
+
+ ssl_protocols SSLv3 TLSv1;
+ ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
+ ssl_prefer_server_ciphers on;
 #Change this to match your root directory
 root /usr/share/nginx/www;
--
2.20.1
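Review bot: `ssl_protocols SSLv3 TLSv1;` combined with a cipher string that re-adds `+LOW`, `+EXP` and RC4 lets a client negotiate export-grade and other weak suites, and `!ADH` alone does not exclude every anonymous suite. Where the installed nginx and OpenSSL support it, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` and `ssl_ciphers HIGH:!aNULL:!MD5;` would make `ssl_prefer_server_ciphers on` select only strong suites. The redirect block listens only on `[::]:80` while the TLS block listens only on `443`; depending on the nginx version's `ipv6only` default, IPv4 clients on port 80 may never receive the 301, so an explicit `listen 80;` beside it looks safer. The second `server` block continues past the end of the hunk.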