CA
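# Create a private CA: encrypted key, CSR, and a self-signed CA certificate.
#
# The CA key stays passphrase-protected (AES-256 rather than 3DES) and is not
# rewritten in the clear: whoever holds ca.key can issue certificates that
# every client trusting ca.crt will accept. Later signing steps will prompt
# for the passphrase.
openssl genrsa -aes256 -out ca.key 2048
chmod 600 ca.key
openssl req -new -key ca.key -out ca.csr

# `openssl x509 -req` only applies -extensions when -extfile is also given;
# without it the certificate carries no basicConstraints and is not marked as
# a CA. The extensions are therefore written to a small extension file.
cat > ca.ext <<'EOF'
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF

# Sign with SHA-256: SHA-1 signatures are rejected by current TLS clients.
openssl x509 -req -days 3650 -sha256 -extfile ca.ext -extensions v3_ca -signkey ca.key -in ca.csr -out ca.crt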
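# Create the server key and a certificate signed by the CA above.
#
# The server key is generated unencrypted so nginx can start unattended (the
# original encrypted it and immediately stripped the passphrase, which ends in
# the same state). Keep the file readable by the owner only.
openssl genrsa -out server.key 2048
chmod 600 server.key
openssl req -new -key server.key -out server.csr

# `openssl x509 -req` ignores -extensions unless -extfile is given, so the
# leaf extensions are spelled out here. Clients match the address they connect
# to against subjectAltName; the value below mirrors the server_name used in
# the nginx configuration on this page -- change it to your own name/IP
# (DNS:<name> for host names).
cat > server.ext <<'EOF'
[v3_req]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = IP:192.168.6.106
EOF

# Sign with SHA-256 instead of the deprecated SHA-1.
openssl x509 -req -days 365 -sha256 -extfile server.ext -extensions v3_req -CA ca.crt -CAkey ca.key -CAserial ca.srl -CAcreateserial -in server.csr -out server.crt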
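server {
    # TLS is enabled per listener with the `ssl` parameter. The former
    # `ssl on;` directive is deprecated (removed in recent nginx releases) and
    # forced TLS onto every listener of this server, including port 8080.
    listen 8443 ssl;

    # Cleartext HTTP listener: traffic on this port is not encrypted.
    # Remove it, or redirect to 8443, if nothing requires plain HTTP.
    listen 8080;

    server_name 192.168.6.106;

    ssl_certificate     /your/certs/path/server.crt;
    ssl_certificate_key /your/certs/path/server.key;
    ssl_session_timeout 5m;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; drop it on
    # older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    # ssl_ciphers HIGH:!aNULL:!MD5;
    # ssl_prefer_server_ciphers on;

    # Optional mutual TLS: uncomment to require client certificates issued by
    # the private CA.
    # ssl_client_certificate /your/certs/path/ca.crt;
    # ssl_verify_client on;

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;

        # Large upload limit and long timeouts tie up workers for slow or
        # oversized requests; lower them if the backend does not need them.
        client_max_body_size 400m;
        proxy_connect_timeout 300s;
        proxy_send_timeout 300s;
        proxy_read_timeout 300s;

        # The backend should trust these headers only when the request comes
        # from this proxy, since a direct client could set them itself.
        # proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        # proxy_redirect http:// $scheme://;
    }
}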
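# Validate the configuration first and reload only if the check passes, so a
# broken config is never signalled to the running master process.
nginx -t && nginx -s reload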