https://www.namecheap.com 에서 도메인을 구입하고 SSL도 함께 구입했다.
가장 저렴한 single ssl을 적용해보자.
적용할 도메인 : mydomain.com
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
Organization / Organization Unit : NA Common Name : mydomain.com
생성된 server.csr 내용을 namecheap ssl 관리하는 곳에서 등록한다.
mail 로 받은 인증서를 cert-chain.crt 파일 하나로 만든다.
cat *yourdomainname*.crt ComodoRSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt >> cert_chain.crt
server {
charset utf-8;
server_name somedomain.us *.somedomain.us;
rewrite ^/(.*)$ https://somedomain.us/$1 permanent;
}
server {
listen 443;
charset utf-8;
server_name *.somedomain.us;
ssl on;
ssl_certificate /etc/nginx/ssl/somedomain_cert_chain.crt;
ssl_certificate_key /etc/nginx/ssl/somedomain_us.key;
rewrite ^/(.*)$ https://somedomain.us/$1 permanent;
}
server {
listen 443;
ssl on;
ssl_certificate /etc/nginx/ssl/somedomain_cert_chain.crt;
ssl_certificate_key /etc/nginx/ssl/somedomain_us.key;
charset utf-8;
server_name somedomain.us;
access_log /var/log/nginx/somedomain.access.log;
error_log /var/log/nginx/somedomain.error.log;
location / {
proxy_pass http://127.0.0.1:40023;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
}
}