Nginx config notes

2021-02-11 21:04:41 -08:00 · 2021-02-11 21:04:41 -08:00 · 689366072e
commit 689366072e
parent bd684a8f5d
1 changed files with 39 additions and 0 deletions
--- a/nginx-conf/readme.md
+++ b/nginx-conf/readme.md
@ -1,3 +1,42 @@
 # Configs for Nginx Reverse Proxy

 The above are ultra minimal configs for setting up nginx.
+
+
+# For self signing
+
+_I'll be using openssl and summarizing the Digital OCean tutorial._ [Reference](https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-in-ubuntu-16-04)
+
+1. First you will have to generate a self-signed key and certificate pair.
+
+```
+openssl req -x509 -nodes -days 365 -newkey:2048 -keyout /etc/ssl/private/freechat.key -out /etc/ssl/certs/freechat.crt
+```
+
+2. Next create the Diffie-Hellman group file:
+
+```
+openssl dhparam -out /detc/ssl/certs/freechat.pem 2048
+```
+
+3. Next we should setup the configs for Nginx
+
+* Place self-signed.conf into `/etc/nginx/snippets`.
+
+This file tells nginx to use the previously created self signed certificates.
+
+* Place ssl-params.conf into `/etc/nginx/snippets`.
+
+This file is pretty general so if you're not self signing you can still use it as just configures TLS and SSL for Nginx.
+
+4. After that you should be ready to start the server.
+
+
+# Final Notes
+
+Keep in mind will be able to access json-api endpoints with https://domain.net:<port> and without the port number attached. If you wish to restrict then I suggest restricting clients to _force the port number_ as all clients should be configured to do so anyway.
+
+
+# Suggestions?
+
+If something here seems wrong or needs fixing/updating/correcting feel free to open an issue.