openssl rsa -in server.key -text > private.pem
rsa private key text file pem으로 변경시키는 명령어
--
crt파일을 받으면 cat으로 합쳐서 bundle pem 으로 만든다
server {
if ($host = domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
server_name domain.com;
ssl_certificate /etc/nginx/ssl/unified_bundle.pem;
ssl_certificate_key /etc/nginx/ssl/private.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
include uwsgi_params;
uwsgi_pass unix:
#or
root /
}
}
sudo ufw allow https
등 firewall 설정 다 하고
nginx reload or restart
server {
listen 80;
server_name $<host>;
return 301 https://$<host>$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
server_name <host>;
ssl_certificate /etc/nginx/ssl/unified.pem;
ssl_certificate_key /etc/nginx/ssl/private.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
include uwsgi_params;
uwsgi_pass unix:/home/ubuntu/project-folder/myproject.sock;
}
}
~
~