Nginx Openssl 설정

인증서 만들기

#openssl req -new -newkey rsa:2048 -nodes -keyout open_ssl.key -out open_ssl.csr

Generating a 2048 bit RSA private key
...
...
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <----------------------- Nginx 서버 시작 시 입력하는 패스워드
An optional company name []:


#ls -al
-rw-r--r-- 1 root root 1110 Jun 18 11:21 open_ssl.csr
-rw-r--r-- 1 root root 1704 Jun 18 11:21 open_ssl.key

테스트를 위한 SSL 인증서 생성

#openssl x509 -req -days 365 -in open_ssl.csr -signkey open_ssl.key -out open_ssl.crt


#ls -al
-rw-r--r-- 1 root root 1306 Jun 18 11:27 open_ssl.crt
-rw-r--r-- 1 root root 1110 Jun 18 11:21 open_ssl.csr
-rw-r--r-- 1 root root 1704 Jun 18 11:21 open_ssl.key

Nginx 의 SSL 모듈 탑재 확인

#/usr/local/nginx/sbin/nginx -V

nginx version: nginx/1.5.8
built by gcc 4.4.6 20120305 (Red Hat 4.4.6-4) (GCC)
TLS SNI support enabled
configure arguments: --prefix=/daum/program/nginx --with-http_ssl_module

"--with-http_ssl_module" 부분 없다면 아래 방식으로 Nginx 재설치

# ./configure --prefix=/usr/local/nginx --with-http_ssl_module
...
# make && make install

Nginx 서버 config 설정

    # HTTPS server
    #
    server {
        listen       443 ssl;
        server_name  localhost;

        ssl_certificate      /usr/local/nginx/ssl/open_ssl.crt;
        ssl_certificate_key  /usr/local/nginx/ssl/open_ssl.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
     proxy_pass   http://127.0.0.1:8080;
        }
    }