Difference between revisions of "Nginx"

From Organic Design wiki
(See also: SSL - self-signed)
m (Self-signed SSL certificates)
Line 12: Line 12:
  
 
First we need to create a private key. Note that this process will require a pass-phrase for the key - don't worry, we'll remove it later to make things easier,
 
First we need to create a private key. Note that this process will require a pass-phrase for the key - don't worry, we'll remove it later to make things easier,
{{code|<bash>openssl genrsa -des3 -out ssl.key 1024</bash>}}
+
{{code|<pre>openssl genrsa -des3 -out ssl.key 1024</pre>}}
  
  
 
Now we need to create a CSR (Certificate Signing Request):
 
Now we need to create a CSR (Certificate Signing Request):
{{code|<bash>openssl req -new -key ssl.key -out ssl.csr</bash>}}
+
{{code|<pre>openssl req -new -key ssl.key -out ssl.csr</pre>}}
  
  
 
Now we need to remove the pass-phrase otherwise it'll prevent the web-server from restarting without it being entered (you'll need to enter the pass-phrase to remove it though),
 
Now we need to remove the pass-phrase otherwise it'll prevent the web-server from restarting without it being entered (you'll need to enter the pass-phrase to remove it though),
{{code|<bash>cp ssl.key ssl-pass.key
+
{{code|<pre>cp ssl.key ssl-pass.key
openssl rsa -in ssl-pass.key -out ssl.key</bash>}}
+
openssl rsa -in ssl-pass.key -out ssl.key</pre>}}
  
  
 
Now we can generate the actual certificate:
 
Now we can generate the actual certificate:
{{code|<bash>openssl x509 -req -days 365 -in ssl.csr -signkey ssl.key -out ssl.crt</bash>}}
+
{{code|<pre>openssl x509 -req -days 365 -in ssl.csr -signkey ssl.key -out ssl.crt</pre>}}
  
  
Line 34: Line 34:
 
ssl_certificate /etc/nginx/certs/ssl.crt;
 
ssl_certificate /etc/nginx/certs/ssl.crt;
 
ssl_certificate_key /etc/nginx/certs/ssl.key;</pre>}}
 
ssl_certificate_key /etc/nginx/certs/ssl.key;</pre>}}
 
  
 
== See also ==
 
== See also ==

Revision as of 16:28, 29 August 2012

Cone.png This article or section is a stub. Stubs are articles that have not yet received substantial attention from the authors. They are short or insufficient pieces of information and require additions to further increase the article's usefulness. The project values stubs as useful first steps toward complete articles.


<bash>wget http://www.dotdeb.org/dotdeb.gpg

cat dotdeb.gpg

Self-signed SSL certificates

Nginx doesn't use the basic .pem files that can be used by Apache for self-signed certificates. We need to go through the following procedure to turn the pem into key and crt files.

First we need to create a private key. Note that this process will require a pass-phrase for the key - don't worry, we'll remove it later to make things easier, 

openssl genrsa -des3 -out ssl.key 1024


Now we need to create a CSR (Certificate Signing Request): 

openssl req -new -key ssl.key -out ssl.csr


Now we need to remove the pass-phrase otherwise it'll prevent the web-server from restarting without it being entered (you'll need to enter the pass-phrase to remove it though), 

cp ssl.key ssl-pass.key
openssl rsa -in ssl-pass.key -out ssl.key


Now we can generate the actual certificate: 

openssl x509 -req -days 365 -in ssl.csr -signkey ssl.key -out ssl.crt


The relevant server section can now be updated in the nginx configuration, 

        listen 80;
listen 443 default ssl;

ssl_certificate /etc/nginx/certs/ssl.crt;
ssl_certificate_key /etc/nginx/certs/ssl.key;

See also

Retrieved from "https://organicdesign.nz/wiki/index.php?title=Nginx&oldid=111273"