| .. | ||
| freechat.conf | ||
| readme.md | ||
| self-signed.conf | ||
| ssl-params.conf | ||
Configs for Nginx Reverse Proxy
The above are ultra minimal configs for setting up nginx.
For self signing
I'll be using openssl and summarizing the Digital OCean tutorial. Reference
- First you will have to generate a self-signed key and certificate pair.
openssl req -x509 -nodes -days 365 -newkey:2048 -keyout /etc/ssl/private/freechat.key -out /etc/ssl/certs/freechat.crt
- Next create the Diffie-Hellman group file:
openssl dhparam -out /detc/ssl/certs/freechat.pem 2048
- Next we should setup the configs for Nginx
- Place self-signed.conf into
/etc/nginx/snippets.
This file tells nginx to use the previously created self signed certificates.
- Place ssl-params.conf into
/etc/nginx/snippets.
This file is pretty general so if you're not self signing you can still use it as just configures TLS and SSL for Nginx.
- After that you should be ready to start the server.
Final Notes
Keep in mind will be able to access json-api endpoints with https://domain.net: and without the port number attached. If you wish to restrict then I suggest restricting clients to force the port number as all clients should be configured to do so anyway.
Suggestions?
If something here seems wrong or needs fixing/updating/correcting feel free to open an issue.