Nginx SSL設定
self-signed 証明書の発行
秘密鍵を生成
openssl genrsa 4096 > server.key
openssl req -new -key server.key > server.csr
openssl x509 -days 365 -req -signkey server.key < server.csr > server.crt
server.key, server.csr, server.crtを/etc/nginx/sslにおいておく
code:nginx.conf
events {}
http {
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
server {
listen 80;
server_name localhost;
}
server {
# ssl settings
listen 443 ssl;
server_name localhost;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
root /var/www/html;
index index.html;
}
}
再起動
service nginx reload
動作確認
curl http://localhostで301
curl --insecure https://localhostで200
ref