Create a Self-Signed SSL Certificate for Nginx
紀錄在 Nginx 安裝自簽的 SSL 憑證.
使用 openssl 建立自簽憑證
1sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/nginx/certs/nginx-selfsigned.key -out /etc/nginx/certs/nginx-selfsigned.crt
1sudo openssl dhparam -out /etc/nginx/certs/dhparam.pem 2048
Setting Nginx configuration
1ssl_certificate /etc/nginx/certs/nginx-selfsigned.crt;
2ssl_certificate_key /etc/nginx/certs/nginx-selfsigned.key;
3ssl_dhparam /etc/nginx/certs/dhparam.pem;
1server {
2 listen 443 ssl;
3 server_name _;
4 index index.html index.php;
5 access_log /var/log/nginx/access.log main;
6 error_log /var/log/nginx/error.log error;
7
8 location / {
9 proxy_pass http://backend;
10 }
11
12 location ~ /\.ht {
13 deny all;
14 }
15}