# Configs for Nginx Reverse Proxy
The above are ultra minimal configs for setting up nginx.
# For self signing
_I'll be using openssl and summarizing the DigitalOcean tutorial._ [Reference](https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-in-ubuntu-16-04)

1. First you will have to generate a self-signed key and certificate pair.

```
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/freechat.key -out /etc/ssl/certs/freechat.crt
```

2. Next create the Diffie-Hellman group file:

```
openssl dhparam -out /etc/ssl/certs/freechat.pem 2048
```

3. Next we should set up the configs for Nginx:

* Place self-signed.conf into `/etc/nginx/snippets`.

This file tells nginx to use the previously created self-signed certificates.

* Place ssl-params.conf into `/etc/nginx/snippets`.

This file is pretty general, so if you're not self-signing you can still use it, as it just configures TLS and SSL for Nginx.

4. After that you should be ready to start the server.
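
A pre-start check for the pair generated in step 1, added here as an example and not one of this repo's files: it confirms that the certificate matches the private key, that it has not expired, and that the key is not world-readable. The function name `check_pair` is made up for the example; the default paths are the ones from the openssl commands above.

```sh
#!/bin/sh
# Added example: sanity-check a key/certificate pair before starting nginx.
# Default paths are taken from the openssl commands in this README.
KEY=${KEY:-/etc/ssl/private/freechat.key}
CRT=${CRT:-/etc/ssl/certs/freechat.crt}

# check_pair KEYFILE CERTFILE
# Returns 0 if the pair is usable, 1 if a check failed, 2 if a file
# is missing or cannot be parsed.
check_pair() {
    key=$1
    crt=$2
    rc=0

    [ -r "$key" ] && [ -r "$crt" ] || {
        echo "missing or unreadable: $key or $crt" >&2; return 2; }

    # The certificate must carry the public half of this private key;
    # nginx refuses to start when the two do not match.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot parse private key: $key" >&2; return 2; }
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse certificate: $crt" >&2; return 2; }
    if [ "$key_pub" != "$crt_pub" ]; then
        echo "key and certificate do not match" >&2
        rc=1
    fi

    # The certificate was issued with -days 365, so it expires after a year.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null || {
        echo "certificate has expired" >&2; rc=1; }

    # The key was written with -nodes (unencrypted), so file permissions
    # are its only protection.
    if [ -n "$(find "$key" -perm -004 2>/dev/null)" ]; then
        echo "private key is world-readable: $key" >&2
        rc=1
    fi

    return $rc
}

# Run the check only when both paths are passed on the command line.
if [ $# -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

Run it as `sh check.sh /etc/ssl/private/freechat.key /etc/ssl/certs/freechat.crt` (the script file name is an assumption) and follow a clean result with `nginx -t` to validate the configuration itself.
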
# Final Notes
Keep in mind that you will be able to access json-api endpoints at `https://domain.net:<port>` both with and without the port number attached. If you wish to restrict this, I suggest restricting clients to _force the port number_, as all clients should be configured to do so anyway.
# Suggestions?
If something here seems wrong or needs fixing/updating/correcting feel free to open an issue.