| # for dev purposes or machines that aren't opened up to the public | |
| # ref: https://www.humankode.com/ssl/create-a-selfsigned-certificate-for-nginx-in-5-minutes | |
| # 1. make a local directory...create a conf file for localhost config | |
| $ sudo nano localhost.conf | |
| # paste this in there... | |
| ------------------------------- | |
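| # OpenSSL request config for a self-signed development certificate. | |
| # With "openssl req -x509" the certificate extensions come from x509_extensions (v3_ca); | |
| # req_extensions (req_ext) applies only when a certificate request (CSR) is produced. | |
| [req] | |
| # Key size used when -newkey gives none; "-newkey rsa:4096" in step 2 overrides it. | |
| default_bits = 2048 | |
| default_keyfile = localhost.key | |
| distinguished_name = req_distinguished_name | |
| req_extensions = req_ext | |
| x509_extensions = v3_ca | |
| # Prompt text and default for each subject field. "prompt = no" is not set, | |
| # so openssl req asks for every value and Enter accepts the default. | |
| [req_distinguished_name] | |
| countryName = Country Name (2 letter code) | |
| countryName_default = US | |
| stateOrProvinceName = State or Province Name (full name) | |
| stateOrProvinceName_default = New York | |
| localityName = Locality Name (eg, city) | |
| localityName_default = Rochester | |
| organizationName = Organization Name (eg, company) | |
| organizationName_default = localhost | |
| organizationalUnitName = organizationalunit | |
| organizationalUnitName_default = Development | |
| commonName = Common Name (e.g. server FQDN or YOUR name) | |
| commonName_default = localhost | |
| commonName_max = 64 | |
| [req_ext] | |
| subjectAltName = @alt_names | |
| [v3_ca] | |
| subjectAltName = @alt_names | |
| # Names the certificate is valid for. List only the hosts this machine really serves. | |
| # Clients match an IP address against IP entries only, never against DNS entries, | |
| # so 127.0.0.1 is listed under IP rather than DNS. | |
| [alt_names] | |
| DNS.1 = localhost | |
| DNS.2 = custom.example.com | |
| IP.1 = 127.0.0.1 | |
| # example of private ip | |
| IP.2 = 10.0.0.1 | |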
| ----------------------------- | |
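| # 2. generate the private key and the self-signed certificate in the same directory | |
| #    -nodes writes the key unencrypted, so file permissions are its only protection | |
| $ sudo openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout localhost.key -out localhost.crt -config localhost.conf | |
| # 3. copy the certs and keys in /etc/ssl/... | |
| $ sudo cp localhost.crt /etc/ssl/certs/localhost.crt | |
| $ sudo cp localhost.key /etc/ssl/private/localhost.key | |
| #    make sure both copies of the key are readable by root only, whatever umask created them | |
| $ sudo chmod 600 /etc/ssl/private/localhost.key localhost.key | |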
| # 4. create a minimal /etc/nginx/conf.d/default.conf | |
| # We can also use sites-available if we want | |
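| # HTTPS server for localhost, using the self-signed certificate and key copied in step 3. | |
| server { | |
| listen 443 ssl http2; | |
| listen [::]:443 ssl http2; | |
| server_name localhost; | |
| ssl_certificate /etc/ssl/certs/localhost.crt; | |
| ssl_certificate_key /etc/ssl/private/localhost.key; | |
| # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are not offered. | |
| # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; remove it on older builds. | |
| ssl_protocols TLSv1.2 TLSv1.3; | |
| # root /var/www/html; if you want to set up static files etc... | |
| # index index.html index.nginx-debian.html; | |
| } | |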
| # Plain-HTTP server on port 80: redirects the named host to HTTPS and answers 404 for anything else. | |
| # NOTE(review): the host name here differs from the "server_name localhost" used by the HTTPS block; | |
| # replace it with the name your HTTPS block serves, otherwise http://localhost is not redirected. | |
| server { | |
| # The explicit $host comparison keeps requests with any other Host header from being redirected. | |
| if ($host = noaa.dev.cunybplservices.net) { | |
| return 301 https://$host$request_uri; | |
| } | |
| listen 80; | |
| server_name noaa.dev.cunybplservices.net; | |
| return 404; | |
| } | |
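| # 5. check the configuration for errors, then reload nginx | |
| $ sudo nginx -t | |
| $ sudo service nginx reload | |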
| # 6. For convenience when using chrome, add the localhost cert to the current user's NSS database | |
| #    -t "P,," marks it as a trusted peer for TLS; it is not installed as a CA. | |
| #    Do this only on the development machine: whoever holds localhost.key can present | |
| #    this certificate for every name it lists, and this browser profile will accept it. | |
| $ sudo apt-get install libnss3-tools | |
| $ cd ~/certificates | |
| $ certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n "localhost" -i localhost.crt | |
| #    To drop the trust again later: certutil -d sql:$HOME/.pki/nssdb -D -n "localhost" | |