Difference between revisions of "Nginx"

From Organic Design wiki
(See also: Configuring Nginx HTTPS servers)
(unstub)
Line 1: Line 1:
{{stub}}
+
NGiNX by all accounts is much more efficient than Apache, so we will probably start changing the OD server, and our [[install a new server|server installation procedure]] over to NGiNX.
  
 +
== Installation ==
 
{{code|<bash>wget http://www.dotdeb.org/dotdeb.gpg
 
{{code|<bash>wget http://www.dotdeb.org/dotdeb.gpg
 
cat dotdeb.gpg | sudo apt-key add -
 
cat dotdeb.gpg | sudo apt-key add -

Revision as of 20:51, 31 August 2012

NGiNX by all accounts is much more efficient than Apache, so we will probably start changing the OD server, and our server installation procedure over to NGiNX.

Installation

<bash>wget http://www.dotdeb.org/dotdeb.gpg

cat dotdeb.gpg

Self-signed SSL certificates

Nginx doesn't use the basic .pem files that can be used by Apache for self-signed certificates. We need to go through the following procedure to turn the pem into key and crt files.

First we need to create a private key. Note that this process will require a pass-phrase for the key - don't worry, we'll remove it later to make things easier, 

openssl genrsa -des3 -out ssl.key 1024


Now we need to create a CSR (Certificate Signing Request): 

openssl req -new -key ssl.key -out ssl.csr


Now we need to remove the pass-phrase otherwise it'll prevent the web-server from restarting without it being entered (you'll need to enter the pass-phrase to remove it though), 

cp ssl.key ssl-pass.key
openssl rsa -in ssl-pass.key -out ssl.key


Now we can generate the actual certificate: 

openssl x509 -req -days 365 -in ssl.csr -signkey ssl.key -out ssl.crt


The relevant server section can now be updated in the nginx configuration, 

listen 80;
listen 443 default ssl;

ssl_certificate /etc/nginx/certs/ssl.crt;
ssl_certificate_key /etc/nginx/certs/ssl.key;

See also

Retrieved from "https://organicdesign.nz/wiki/index.php?title=Nginx&oldid=111359"