|
|
| Line 11: |
Line 11: |
| | apt-get install php5-fpm nginx</bash>}} | | apt-get install php5-fpm nginx</bash>}} |
| | | | |
| − | == Self-signed SSL certificates == | + | == SSL == |
| − | Nginx doesn't use the basic ''.pem'' files that can be used by Apache for self-signed certificates. We need to go through the following procedure to turn the ''pem'' into ''key'' and ''crt'' files.
| + | First [[Generate a self signed certificate]], then update the relevant ''server'' section in the nginx configuration, |
| − | | |
| − | First we need to create a private key. Note that this process will require a pass-phrase for the key - don't worry, we'll remove it later to make things easier,
| |
| − | {{code|<pre>openssl genrsa -des3 -out ssl.key 1024</pre>}}
| |
| − | | |
| − | | |
| − | Now we need to create a CSR (Certificate Signing Request):
| |
| − | {{code|<pre>openssl req -new -key ssl.key -out ssl.csr</pre>}}
| |
| − | | |
| − | | |
| − | Now we need to remove the pass-phrase otherwise it'll prevent the web-server from restarting without it being entered (you'll need to enter the pass-phrase to remove it though),
| |
| − | {{code|<pre>cp ssl.key ssl-pass.key
| |
| − | openssl rsa -in ssl-pass.key -out ssl.key</pre>}}
| |
| − | | |
| − | | |
| − | Now we can generate the actual certificate:
| |
| − | {{code|<pre>openssl x509 -req -days 365 -in ssl.csr -signkey ssl.key -out ssl.crt</pre>}}
| |
| − | | |
| − | | |
| − | The relevant ''server'' section can now be updated in the nginx configuration,
| |
| | {{code|<pre>listen 80; | | {{code|<pre>listen 80; |
| | listen 443 default ssl; | | listen 443 default ssl; |
Revision as of 10:48, 24 April 2013
NGiNX by all accounts is much more efficient than Apache, so we will probably start changing the OD server, and our server installation procedure over to NGiNX.
Installation
SSL
First Generate a self signed certificate, then update the relevant server section in the nginx configuration,
|
|
listen 80;
listen 443 default ssl;
ssl_certificate /etc/nginx/certs/ssl.crt;
ssl_certificate_key /etc/nginx/certs/ssl.key;
|
|
See also
