Creating the certificate
# openssl req -new -newkey rsa:2048 -nodes -keyout open_ssl.key -out open_ssl.csr
Generating a 2048 bit RSA private key
...
...
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <----------------------- password entered when the Nginx server starts
An optional company name []:
# ls -al
-rw-r--r-- 1 root root 1110 Jun 18 11:21 open_ssl.csr
-rw-r--r-- 1 root root 1704 Jun 18 11:21 open_ssl.key
Generating an SSL certificate for testing
# openssl x509 -req -days 365 -in open_ssl.csr -signkey open_ssl.key -out open_ssl.crt
# ls -al
-rw-r--r-- 1 root root 1306 Jun 18 11:27 open_ssl.crt
-rw-r--r-- 1 root root 1110 Jun 18 11:21 open_ssl.csr
-rw-r--r-- 1 root root 1704 Jun 18 11:21 open_ssl.key
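The same steps as a non-interactive script, added here as an example and not part of the original post: it creates the key, CSR and self-signed certificate, then lets you check that the certificate matches the key, that the key is unencrypted (the effect of -nodes), and that the key file is readable only by its owner. The function names and the CN=localhost subject are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# CN=localhost subject are assumptions chosen for illustration.

# Create open_ssl.key, open_ssl.csr and open_ssl.crt in directory $1.
make_test_cert() {
    (
        cd "$1" || exit 1
        # Files are created 0600, not the 0644 shown in the listing above.
        umask 077
        # -nodes writes the key unencrypted; -subj answers the DN prompts.
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout open_ssl.key -out open_ssl.csr -subj "/CN=localhost" &&
        openssl x509 -req -days 365 -in open_ssl.csr \
            -signkey open_ssl.key -out open_ssl.crt
    )
}

# Succeed only if certificate $1 carries the public key of private key $2.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$crt_pub" = "$key_pub" ]
}

# Succeed if PEM key $1 is passphrase-protected: both the PKCS#8 and the
# traditional encrypted formats contain the word ENCRYPTED.
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# Print the permission string of file $1, for example -rw-------
file_mode() {
    ls -l "$1" | cut -c1-10
}

# Succeed if subject and issuer are the same name, as in a self-signed
# certificate, which has no CA chain for clients to validate.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$iss" ]
}

# Usage: d=$(mktemp -d) && make_test_cert "$d" && \
#        cert_matches_key "$d/open_ssl.crt" "$d/open_ssl.key" && echo match
```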
Checking that Nginx was built with the SSL module
# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.5.8
built by gcc 4.4.6 20120305 (Red Hat 4.4.6-4) (GCC)
TLS SNI support enabled
configure arguments: --prefix=/daum/program/nginx --with-http_ssl_module
If "--with-http_ssl_module" is not listed, rebuild and reinstall Nginx as follows
# ./configure --prefix=/usr/local/nginx --with-http_ssl_module
...
# make && make install
Nginx server config settings
# HTTPS server
#
server {
    listen 443 ssl;
    server_name localhost;
    ssl_certificate /usr/local/nginx/ssl/open_ssl.crt;
    ssl_certificate_key /usr/local/nginx/ssl/open_ssl.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}