nginx openssl 개인키 설정

nginx openssl 개인키 설정

https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-nginx-for-centos-6

1. 1~7번까지

https://zetawiki.com/wiki/%EB%A6%AC%EB%88%85%EC%8A%A4_%EC%9E%90%EC%B2%B4%EC%84%9C%EB%AA%85_SSL_%EC%9D%B8%EC%A6%9D%EC%84%9C_%EC%83%9D%EC%84%B1

2. 아래처럼 설정하고 /etc/init.d/nginx restart

server {

    listen       443;

    server_name example.com;

    ssl on;

    ssl_certificate /etc/nginx/ssl/생성한키파일명.crt;

    ssl_certificate_key /etc/nginx/ssl/생성한키파일명.key; 

}

3. 아래와 같은 에러 발생시 해결

nginx: [emerg] BIO_new_file("/etc/nginx/sslKey/server.crt") failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/etc/nginx/sslKey/server.crt','r') error:2006D002:BIO routines:BIO_new_file:system lib)

nginx: configuration file /etc/nginx/nginx.conf test failed

-> 파일복사시 보안컨텍스트가 잘못되었나봄...

-> restorecon -v -R /etc/nginx

-> https://serverfault.com/questions/540537/nginx-permission-denied-to-certificate-files-for-ssl-configuration

4. http -> https로 리다이렉트

   -> https://bjornjohansen.no/redirect-to-https-with-nginx