ここを読み込むと起動しない
/etc/nginx/nginx.conf
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 |
# For more information on configuration, see: # * Official English Documentation: http://nginx.org/en/docs/ # * Official Russian Documentation: http://nginx.org/ru/docs/ user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. include /etc/nginx/conf.d/*.conf; server { listen 80 default_server; listen [::]:80 default_server; server_name _; root /usr/share/nginx/html; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; location / { } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } # Settings for a TLS enabled server. # server { listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; server_name nextcloud.vamdemicsyste.com; root /usr/share/nginx/html; ssl_certificate "/etc/nginx/conf.d/server.crt"; ssl_certificate_key "/etc/nginx/conf.d/server.key.nopass"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # # Load configuration files for the default server block. # include /etc/nginx/default.d/*.conf; # location / { proxy_pass http://localhost:8080; } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } } |
オレオレ証明書
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 |
# インストール yum -y install mod_ssl openssl genrsa -aes256 2048 > server.key Enter pass phrase: password # 暗号化方式一覧 openssl enc --help # 公開鍵作成(パスフレーズ、パスワード以外は適当でもOK) openssl req -new -key server.key > server.csr Enter pass phrase for server.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:JP State or Province Name (full name) []:Tokyo Locality Name (eg, city) [Default City]:Adachi Organization Name (eg, company) [Default Company Ltd]:Vamdemic Organizational Unit Name (eg, section) []:System Common Name (eg, your name or your server's hostname) []:vamdemicsystem Email Address []:hoge@gmail.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:password An optional company name []:hoge # デジタル証明書作成 openssl x509 -in server.csr -days 36500 -req -signkey server.key > server.crt Enter pass phrase for server.key: password # 起動時のパスワード入力無効化設定 openssl rsa -in server.key -out server.key.nopass cp -p server.crt /etc/nginx/conf.d cp -p server.key.nopass /etc/nginx/conf.d |