SSL Termination Ubuntu Nginx

Pertama install terlebih dahulu nginx
# apt-get install nginx
# update-rc.d nginx defaults

Generate key
# apt-get install mod_ssl openssl
# openssl genrsa -des3 -out your-domain.com.key 4096
# openssl req -new -key your-domain.com.key -out your-domain.com.csr

Kemudian beli SSL dari file csr tersebut. Pasang ke nginx
# cat domain_com.crt domain_com.ca-bundle > ssl-bundle.crt
# vi /etc/nginx/site-enable/default

server {
        listen 443 ssl;
        server_name domain.com;

ssl on;
ssl_certificate /ssl/folder/domain.com-ssl-bundle.crt;
ssl_certificate_key /ssl/folder/domain.com.key;
ssl_prefer_server_ciphers on;

## OCSP Stapling
resolver 127.0.0.1;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /ssl/folder/domain.com-ssl-bundle.crt;

        location / {
            proxy_pass http://127.0.0.1:80;
            proxy_set_header X-Real-IP  $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Port 443;
            proxy_set_header Host $host;
        }
}

Reload nginx
# service nginx reload
# service nginx start

Share on Facebook Share on Twitter Share on Google Plus

About Rolly Maulana Awangga

This is a short description in the author block about the author. You edit it by entering text in the "Biographical Info" field in the user admin panel.