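STEP1) Private key, public key, and server certificate (homemade self-signed)
The following steps create the private key (server.key), the certificate signing request that carries the public key (server.csr), and the self-signed certificate (server.crt).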
    $ sudo su -
    # cd /etc/nginx
    # openssl genrsa -out server.key 2048
    Generating RSA private key, 2048 bit long modulus
    ...........................+++
    ............................................................+++
    e is 65537 (0x10001)
    # openssl req -new -key server.key -out server.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:jp
    State or Province Name (full name) [Some-State]:tokyo
    Locality Name (eg, city) []:??????
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:??????
    Organizational Unit Name (eg, section) []:
    Common Name (e.g. server FQDN or YOUR name) []:raspi.??????.mydns.jp
    Email Address []:

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    # openssl rsa -in server.key -out server.key
    writing RSA key
    # openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
    Signature ok
    subject=/C=jp/ST=tokyo/L=kokubunji/O=??????/CN=raspi.??????.mydns.jp
    Getting Private key
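Before pointing nginx at these files, it is worth confirming that the three of them belong together. The script below is an added example, not part of the original page: it checks that server.key, server.csr and server.crt carry the same public key, that the certificate is self-signed and not about to expire, and that the key file is not readable by group or others. The function names and the hostname raspi.example.test are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original page: sanity checks for the STEP1 files.

# Each helper prints the PEM public key embedded in one kind of file.
key_pub()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
csr_pub()  { openssl req  -in "$1" -noout -pubkey 2>/dev/null; }
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# 0 if private key, CSR and certificate all carry the same public key.
files_match() {  # args: key csr crt
    k=$(key_pub "$1")
    [ -n "$k" ] && [ "$k" = "$(csr_pub "$2")" ] && [ "$k" = "$(cert_pub "$3")" ]
}

# 0 if subject and issuer names are identical (expected for a self-signed cert).
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject 2>/dev/null | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer  2>/dev/null | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# 0 if the certificate is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# 0 if the key file's mode grants nothing to group or others (e.g. 600 or 400).
key_private() {
    case $(ls -ld "$1" | cut -c5-10) in ------) return 0 ;; *) return 1 ;; esac
}

# Constructed sample: the STEP1 commands run non-interactively in directory $1.
# The hostname raspi.example.test is a placeholder, not the page's host.
make_sample() {
    ( cd "$1" && umask 077 &&
      openssl genrsa -out server.key 2048 &&
      openssl req -new -key server.key -out server.csr -subj "/C=JP/CN=raspi.example.test" &&
      openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
    ) >/dev/null 2>&1
}

# Demo on throwaway files; point the functions at /etc/nginx/server.* for real use.
d=$(mktemp -d) && make_sample "$d" || exit 1
files_match "$d/server.key" "$d/server.csr" "$d/server.crt" && echo "key/CSR/cert: same public key"
is_self_signed "$d/server.crt" && echo "certificate is self-signed"
valid_for_days "$d/server.crt" 30 && echo "valid for at least 30 more days"
key_private "$d/server.key" && echo "key not readable by group/others"
rm -rf "$d"
```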
STEP2) nginx configuration files /etc/nginx/nginx.conf and /etc/nginx/sites-enabled/default
In the nginx configuration shipped with Raspberry Pi (Raspbian), both /etc/nginx/nginx.conf and /etc/nginx/sites-enabled/default are involved, but changing /etc/nginx/sites-enabled/default as shown below is all that is needed.
    # server {
    #     listen 80 default_server;
    #     listen [::]:80 default_server;
    #     root /var/www/html;
    #     index index.html index.htm index.nginx-debian.html;
    #     server_name _;
    #     location / {
    #         # First attempt to serve request as file, then
    #         # as directory, then fall back to displaying a 404.
    #         try_files $uri $uri/ =404;
    #     }
    # }

    server {
        listen 443 ssl;
        ssl_certificate /etc/nginx/server.crt;
        ssl_certificate_key /etc/nginx/server.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;
        server_name _;
        location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;
        }
    }