/ nginx

SSL with nignx

https://www.namecheap.com 에서 도메인을 구입하고 SSL도 함께 구입했다.
가장 저렴한 single ssl을 적용해보자.
적용할 도메인 : mydomain.com

generate CSR

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

Organization / Organization Unit : NA
Common Name : mydomain.com

생성된 server.csr 내용을 namecheap ssl 관리하는 곳에서 등록한다.

settings nginx

mail 로 받은 인증서를 cert-chain.crt 파일 하나로 만든다.

cat *yourdomainname*.crt ComodoRSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt >> cert_chain.crt
server {
    charset utf-8;
    server_name somedomain.us *.somedomain.us;
    rewrite  ^/(.*)$  https://somedomain.us/$1  permanent;
}

server {
    listen   443;
    charset utf-8;
    server_name *.somedomain.us;
    ssl    on;
    ssl_certificate    /etc/nginx/ssl/somedomain_cert_chain.crt;
    ssl_certificate_key    /etc/nginx/ssl/somedomain_us.key;

    rewrite  ^/(.*)$  https://somedomain.us/$1  permanent;
}

server {
    listen   443;
    ssl    on;
    ssl_certificate    /etc/nginx/ssl/somedomain_cert_chain.crt;
    ssl_certificate_key /etc/nginx/ssl/somedomain_us.key;
    charset utf-8;
    server_name somedomain.us;

    access_log /var/log/nginx/somedomain.access.log;
    error_log /var/log/nginx/somedomain.error.log;

    location / {
        proxy_pass http://127.0.0.1:40023;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto http;
        proxy_set_header X-Nginx-Proxy true;

        proxy_redirect off;
    }
}

Resource