Python / Odoo Developer

Linux Certificates

Administrator

Create certificate

Create the .key and .crt files where you need them

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt

Create the Diffie-Hellman parameters file (pem)

openssl dhparam -out /etc/nginx/dhparam.pem 4096

Create nginx snippet

/etc/nginx/snippets/self-signed.conf

Add content

ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

Create SSL Params

/etc/nginx/snippets/ssl-params.conf

Add content

ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_ecdh_curve secp384r1;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
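# With a self-signed certificate nginx logs a warning and ignores stapling;
# the configuration still loads.
ssl_stapling on;
ssl_stapling_verify on;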
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Disable strict transport security for now. You can uncomment the following
# line if you understand the implications.
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";

Back up the nginx site file for the domain

cp /etc/nginx/sites-available/your_domain /etc/nginx/sites-available/your_domain.bak

Edit domain file

/etc/nginx/sites-available/your_domain

Add content

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    include snippets/self-signed.conf;
    include snippets/ssl-params.conf;

    root /var/www/your_domain/html;
    index index.html index.htm index.nginx-debian.html;

    server_name your_domain.com www.your_domain.com;

    location / {
        try_files $uri $uri/ =404;
    }
}

server {
    listen 80;
    listen [::]:80;

    server_name your_domain.com www.your_domain.com;

    # Temporary redirect to HTTPS while testing
    return 302 https://$server_name$request_uri;
}

Test Nginx

nginx -t

Restart Nginx

systemctl restart nginx


If it works, change 302 to 301 in the nginx site file under sites-available

return 301 https://$server_name$request_uri;

systemctl restart nginx



  • Create a /usr/local/share/ca-certificates/ directory if it does not exist on your computer:
  • cp <your_certificate>.crt /usr/local/share/ca-certificates/
  • update-ca-certificates
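
Added example, not part of the original post: a non-interactive variant of the openssl req command above, with checks worth running on the result before nginx -t or update-ca-certificates. The function names, the selfsigned.key/selfsigned.crt file names and the example.test hostname are assumptions; it needs OpenSSL 1.1.1 or later.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Needs OpenSSL 1.1.1+ (-addext, -ext).
set -eu

# Non-interactive variant of the page's "openssl req" command. DIR ($1) and the
# hostname ($2) are caller-supplied; a subjectAltName is added because current
# browsers and TLS libraries match hostnames against SAN entries, not the CN.
make_selfsigned() {
    openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2,DNS:www.$2" \
        -keyout "$1/selfsigned.key" -out "$1/selfsigned.crt"
    chmod 600 "$1/selfsigned.key"   # private key readable by owner only
}

# PEM public key as derived from a private key, and as embedded in a cert.
key_pub() { openssl pkey -in "$1" -pubout; }
crt_pub() { openssl x509 -in "$1" -noout -pubkey; }

# Succeeds only when CRT ($2) carries the public half of KEY ($1), which is what
# nginx needs for ssl_certificate / ssl_certificate_key to load as a pair.
pair_matches() {
    k=$(key_pub "$1") && c=$(crt_pub "$2") && [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds when the cert ($1) is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Succeeds when NAME ($2) is listed as a DNS subjectAltName of the cert ($1).
has_san() {
    openssl x509 -in "$1" -noout -ext subjectAltName |
        tr ',' '\n' | tr -d ' ' | grep -qxF "DNS:$2"
}

# Run with the argument "demo" to exercise the checks in a throwaway directory.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    make_selfsigned "$d" example.test          # constructed hostname
    pair_matches "$d/selfsigned.key" "$d/selfsigned.crt" && echo "key and cert match"
    has_san "$d/selfsigned.crt" www.example.test && echo "SAN present"
    valid_for_days "$d/selfsigned.crt" 30 && echo "valid for 30+ days"
    rm -rf "$d"
fi
```

On the server, the same pair_matches, has_san and valid_for_days checks can be pointed at /etc/ssl/private/nginx-selfsigned.key and /etc/ssl/certs/nginx-selfsigned.crt.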


