経理からエンジニア転向した人のメモ

元経理マンがエンジニアに転向して現在

CentOS7のNginxでSSL自己証明

# vi /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0


# yum -y --enablerepo=nginx install nginx

# nginx -v
nginx version: nginx/1.14.0

# systemctl start nginx

# systemctl enable nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.


# openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017

# yum update openssl openssl-devel openssl-libs
Package(s) openssl-devel available, but not installed.
No packages marked for update

# yum install openssl-devel

# cd /etc/nginx

# mkdir ssl

# openssl req -new -x509 -sha256 -newkey rsa:2048 -days 365 -nodes -out /etc/nginx/ssl/nginx.pem -keyout /etc/nginx/ssl/nginx.key
Generating a 2048 bit RSA private key
...................................................................................................................+++
...........................+++
writing new private key to '/etc/nginx/ssl/nginx.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:jp  
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:


# chown root:root -R /etc/nginx/ssl/
# chmod 600 /etc/nginx/ssl/*
# chmod 700 /etc/nginx/ssl

# cd /etc/nginx/conf.d

# vi default.conf 

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
server {
    listen 443 ssl;
    ssl on;
    server_name localhost;
    ssl_certificate /etc/nginx/ssl/nginx.pem;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
}

f:id:ryomoyr:20180824184704p:plain

f:id:ryomoyr:20180824184747p:plain