qed_nginx

This repo contains the NGINX conf used for HTTPS/SSL. Adding SSL to the web server requires additional steps which are detailed here.

nginx.conf

The NGINX configuration file needs SSL directives added to it as well as telling the server to listen on port 443. The added directives all begin with "ssl". The notable directives are ssl_certificate and ssl_certificate_key. Both of these must point to valid signed SSL certificates located on the server (or Docker container in this case). Additionally, Chrome requires additional information to be included in the SSL cert, called "SSL certificate chains".

SSL Certificates

In NGINX's case, this requires concatenating the chain certificate to the star certificate:

$ sudo mkdir -p /var/www/nginx/certs
$ cat star_epa_gov.crt DigiCertCA.crt > /var/www/nginx/certs/qed.epa.gov.chained.crt

The private key sent in with the SSL cert requests also needs to be on server:

$ /var/www/nginx/certs/qed.key

After putting the certificates on the server (e.g. SFTP) tighten down the permissions on the directory and certificates

$ sudo chown -R root:root /var/www/nginx/certs
$ sudo chmod -R 600 /var/www/nginx/certs

Name		Name	Last commit message	Last commit date
Latest commit History 229 Commits
.github/workflows		.github/workflows
.gitattributes		.gitattributes
.gitignore		.gitignore
.gitlab-ci.yml		.gitlab-ci.yml
Dockerfile		Dockerfile
README.md		README.md
acme_challenge.conf		acme_challenge.conf
ceamdev_backend.conf		ceamdev_backend.conf
nginx.conf		nginx.conf
nginx_basic.conf		nginx_basic.conf
nginx_ceamdev.conf		nginx_ceamdev.conf
nginx_epa_aws_kube.conf		nginx_epa_aws_kube.conf
nginx_epa_aws_ssl.conf		nginx_epa_aws_ssl.conf
nginx_epa_aws_ssl_dev.conf		nginx_epa_aws_ssl_dev.conf
nginx_gdit_aws_nonssl.conf		nginx_gdit_aws_nonssl.conf
nginx_internal.conf		nginx_internal.conf

quanted/qed_nginx

Folders and files

Latest commit

History

Repository files navigation

qed_nginx

nginx.conf

SSL Certificates

References

About

Resources

Stars

Watchers

Forks

Languages