SSL
nginx and SSL
- Encrypted transport over which HTTP runs
- Decent performance with nginx
- Can be combined with other features
- nginx can handle SSL and proxy to another application
SSL
- Public key encryption
- **Private key** - should exist only on the server and not be transferred
- **Certificate** - purchased from a third party who (should) verify that the recipient really is who they say they are
- Safe to copy wherever/however you like - a copy given to every visitor to the website
Getting an SSL certificate
- First, generate a private key
$ openssl genrsa -des3 -out server.key 2048
- Next, generate a certificate signing request (CSR)
$ openssl req -new -key server.key -out server.csr
- Now give the CSR to wherever you are buying the certificate from, and wait for them to send you an SSL cert
Using SSL Certificates
- When you receive the SSL certificate, you will also receive an intermediate certificate
- For nginx, this needs to be appended to the certificate file, so that the server certificate comes first
$ cat intermediate.crt >> certificate.crt
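The steps above run end to end, as an added example that is not part of the original page. A throwaway test CA stands in for the certificate vendor and its certificate for `intermediate.crt`; the key is generated without `-des3` so nothing prompts for a passphrase. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: key -> CSR -> signed certificate -> bundle, then pre-flight checks.
# File names, the CN and the throwaway CA are constructed for this demo.

# Generate an unencrypted 2048-bit RSA key and a CSR with common name $1.
make_key_and_csr() {
    openssl genrsa -out server.key 2048 2>/dev/null &&
    openssl req -new -key server.key -subj "/CN=$1" -out server.csr
}

# Stand-in for the certificate vendor: a one-day test CA signs server.csr.
# Its own certificate plays the role of intermediate.crt.
sign_with_test_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout ca.key -out intermediate.crt 2>/dev/null &&
    openssl x509 -req -in server.csr -days 1 \
        -CA intermediate.crt -CAkey ca.key -CAcreateserial \
        -out certificate.crt 2>/dev/null
}

# True only if the FIRST certificate in file $2 holds the public key of
# private key $1; nginx uses that first certificate as the server's own.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ]
}

# Number of PEM certificates in file $1 (2 expected after appending).
count_certs() {
    grep -c 'BEGIN CERTIFICATE' "$1"
}

demo() (
    cd "$(mktemp -d)" || exit 1
    make_key_and_csr www.example.com && sign_with_test_ca || exit 1
    cat intermediate.crt >> certificate.crt   # server cert first, then intermediate
    key_matches_cert server.key certificate.crt && echo "key matches bundle"
    echo "certificates in bundle: $(count_certs certificate.crt)"
    # A bundle built in the wrong order puts the CA first and fails the check.
    cat intermediate.crt certificate.crt > wrong-order.crt
    key_matches_cert server.key wrong-order.crt || echo "wrong-order bundle rejected"
)
demo
```

Running `key_matches_cert` against the real key and certificate file before reloading nginx catches a mismatched key or a bundle assembled in the wrong order.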
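Adding SSL to nginx
server {
    # HTTPS listener, default server for port 443
    listen 443 ssl default_server;
    server_name www.example.com;

    ssl_prefer_server_ciphers on;
    # TLS 1.2 and 1.3 only; SSLv3 and TLSv1 are obsolete and stay disabled
    ssl_protocols TLSv1.2 TLSv1.3;
    # Strong suites only, no anonymous or MD5-based ones, strongest first
    ssl_ciphers HIGH:!aNULL:!MD5:@STRENGTH;

    # Certificate file: server certificate followed by the intermediate
    ssl_certificate /etc/nginx/www.example.com.crt;
    ssl_certificate_key /etc/nginx/www.example.com.key;

    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
}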
Exercise
- Generate a private key + CSR, send to me to be signed
- Install provided certificate
- Make /foo proxy to the server on localhost:8000