04-03-2022
This commit is contained in:
@@ -7,18 +7,18 @@
|
||||
Création d'un certificat ssl self-signed:
|
||||
|
||||
```bash
|
||||
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
|
||||
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
|
||||
# => /etc/ssl/certs/nginx-selfsigned.crt
|
||||
|
||||
$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
|
||||
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
|
||||
# => /etc/ssl/certs/dhparam.pem
|
||||
|
||||
$ sudo nano /etc/nginx/snippets/self-signed.conf
|
||||
sudo nano /etc/nginx/snippets/self-signed.conf
|
||||
# ajouter:
|
||||
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
|
||||
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
|
||||
|
||||
$ sudo nano /etc/nginx/snippets/ssl-params.conf
|
||||
sudo nano /etc/nginx/snippets/ssl-params.conf
|
||||
# ajouter:
|
||||
# from https://cipherli.st/
|
||||
# and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
|
||||
@@ -46,8 +46,8 @@ ssl_dhparam /etc/ssl/certs/dhparam.pem;
|
||||
Configurer nginx pour qu'il utilise SSL:
|
||||
|
||||
```bash
|
||||
$ sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak
|
||||
$ sudo nano /etc/nginx/sites-available/default
|
||||
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak
|
||||
sudo nano /etc/nginx/sites-available/default
|
||||
```
|
||||
|
||||
```nginx
|
||||
@@ -110,23 +110,27 @@ server {
|
||||
}
|
||||
```
|
||||
|
||||
Tester la configuration et redémarrer nginx:
|
||||
Tester la configuration:
|
||||
|
||||
```bash
|
||||
# message normal pour certificat auto-signé
|
||||
|
||||
$ sudo /usr/sbin/nginx -t
|
||||
sudo /usr/sbin/nginx -t
|
||||
nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/etc/ssl/certs/nginx-selfsigned.crt"
|
||||
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
|
||||
nginx: configuration file /etc/nginx/nginx.conf test is successful
|
||||
nginx: configuration file /etc/nginx/nginx.conf test is success
|
||||
```
|
||||
|
||||
$ sudo systemctl restart nginx
|
||||
Et redémarrer nginx:
|
||||
|
||||
```bash
|
||||
sudo systemctl restart nginx
|
||||
```
|
||||
|
||||
Vérifier le status de nginx:
|
||||
|
||||
```bash
|
||||
$ systemctl status nginx
|
||||
systemctl status nginx
|
||||
● nginx.service - A high performance web server and a reverse proxy server
|
||||
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
|
||||
Active: active (running) since Tue 2021-07-13 09:30:48 CEST; 2min 58s ago
|
||||
@@ -153,7 +157,7 @@ $ systemctl status nginx
|
||||
-rw-r----- 1 www-data adm 3252 juil. 13 11:51 error.log
|
||||
```
|
||||
```bash
|
||||
$ nano /etc/nginx/nginx.conf
|
||||
nano /etc/nginx/nginx.conf
|
||||
```
|
||||
|
||||
```nginx
|
||||
@@ -171,33 +175,42 @@ $ nano /etc/nginx/nginx.conf
|
||||
|
||||
On commande nginx avec SystemD (Debian 8+, ubuntu 16+, CentOS):
|
||||
|
||||
```bash
|
||||
$ systemctl stop nginx.service
|
||||
|
||||
$ systemctl start nginx.service
|
||||
|
||||
$ systemctl restart nginx
|
||||
|
||||
$ systemctl reload nginx
|
||||
|
||||
$ systemctl disable nginx
|
||||
|
||||
$ systemctl enable nginx
|
||||
|
||||
```bash title="Arrêter nginx"
|
||||
systemctl stop nginx.service
|
||||
```
|
||||
|
||||
```bash title="Démarrer nginx"
|
||||
systemctl start nginx.service
|
||||
```
|
||||
|
||||
```bash title="Redémarrer nginx"
|
||||
systemctl restart nginx
|
||||
```
|
||||
|
||||
```bash title="Recharger nginx"
|
||||
systemctl reload nginx
|
||||
```
|
||||
|
||||
```bash title="Désactiver nginx"
|
||||
systemctl disable nginx
|
||||
```
|
||||
|
||||
```bash title="Activer nginx"
|
||||
systemctl enable nginx
|
||||
```
|
||||
|
||||
|
||||
|
||||
On peut controller directement nginx avec les signals:
|
||||
|
||||
```bash
|
||||
# Relancer nginx
|
||||
|
||||
$ sudo /usr/sbin/nginx -s reload
|
||||
```bash title="Relancer nginx"
|
||||
sudo /usr/sbin/nginx -s reload
|
||||
```
|
||||
|
||||
Aide:
|
||||
|
||||
```bash
|
||||
$ sudo /usr/sbin/nginx -h
|
||||
sudo /usr/sbin/nginx -h
|
||||
nginx version: nginx/1.14.2
|
||||
Usage: nginx [-?hvVtTq] [-s signal] [-c filename] [-p prefix] [-g directives]
|
||||
|
||||
@@ -217,7 +230,7 @@ Options:
|
||||
Tester la configuration:
|
||||
|
||||
```bash
|
||||
$ sudo /usr/sbin/nginx -t
|
||||
sudo /usr/sbin/nginx -t
|
||||
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
|
||||
nginx: configuration file /etc/nginx/nginx.conf test is successful
|
||||
```
|
||||
@@ -225,7 +238,7 @@ nginx: configuration file /etc/nginx/nginx.conf test is successful
|
||||
Tester la configuration et l'afficher:
|
||||
|
||||
```nginx
|
||||
$ sudo /usr/sbin/nginx -T
|
||||
sudo /usr/sbin/nginx -T
|
||||
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
|
||||
nginx: configuration file /etc/nginx/nginx.conf test is successful
|
||||
# configuration file /etc/nginx/nginx.conf:
|
||||
|
||||
Reference in New Issue
Block a user