Howto: èñïîëüçîâàíèå âåáñåðâåðà nginx (SSL) äëÿ äîñòóïà ê âñòðîåííîìó âåá-èíòåðôåéñó

[angel_il]

howto: Èñïîëüçîâàíèå âåáñåðâåðà nginx (SSL) äëÿ äîñòóïà ê âñòðîåííîìó âåá-èíòåðôåéñó

1) Óñòàíàâëèâàåì nginx (êîìó íàäî âûëîæó ñáîðêó ñ ïîääåðæêîé SSL)
2) íàñòðàèâàåì backend ñîåäèíåíèå ñî âñòðîåííûì âåá-ñåðâåðîì
â ôàéëå /opt/etc/nginx/nginx.conf äîëæíî áûòü ïðîïèñàíî:

Code:

    server {
        listen       443;
        server_name  ÄîìåííîåÈìÿÐîóòåðà;

        ssl                  on;
        ssl_certificate      cert.pem;
        ssl_certificate_key   cert.key;

        ssl_session_timeout  5m;

        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers   on;

        location / {
            proxy_pass         http://127.0.0.1:80/;
            proxy_redirect     off;

            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For
            $proxy_add_x_forwarded_for;
        }
    }

ÄîìåííîåÈìÿÐîóòåðà çàìåíèòü íà âàøå äîìåííîå èìÿ ðîóòåðà.

3) ñîçäàòü ñåðòèôèêàòû

Code:

openssl req -new -x509 -days 9999 -nodes -out cert.pem -keyout cert.key

Ñïàñèáî Nebulosa çà ïîäñêàçêó.

ôàéëû cert.key è cert.pem íåîáõîäèìî ïîëîæèòü â ïàïêó /opt/etc/nginx/
Ñîáñòâåííî âñå.
PS: çàõîäèòü íà ðîóòåð òàê https://ÄîìåííîåÈìÿÐîóòåðà

[Novik]

îäíàêî ïðèâåëè ê òîìó æå ðåçóëüòàòó.

select äîëæåí ïðîêàòèòü. Åñëè òàêè íåò - äèàãíîñòèêà íà íåì âñÿêî äîëæíà áûòü äðóãîé. Åå è ïèøèòå ñþäà.

[Stud2000]

Òîëüêî âîò â ðåïîçèòàðèè nginx ñîáðàí áåç ïîääåðæêè select, à ïåðåñîáðàòü åãî íà ðîóòåðå íå ïîëó÷àåòñÿ ò.ê. íåò gcc

[Novik]

íåò gcc

1) Ïàêåò ñ gcc òàêè åñòü. Èñêàòü ïî ôîðóìó ïî ñëîâàì "êîìïèëÿöèÿ" è ò.ï.
2) Êðîññ-êîìïèëÿöèþ â ëþáîì ñëó÷àå íèêòî íå îòìåíÿë.

[Stud2000]

Êðîññêîìïèëÿöèÿ ýòî ÷òî è êàê îíî ðàáîòàåò? ïðîñòèòå ìîþ íåâåæåñòâåííîñòü.

[Novik]

Êðîññêîìïèëÿöèÿ ýòî ÷òî è êàê îíî ðàáîòàåò?

1) Êðîìå íàòèâíîé êîìïèëÿöèè gcc îáåñïå÷èâàåò è êðîññ-êîìèëÿöèþ. Ò.å. âîçìîæíîñòü ñîáðàòü íà îäíîé ìàøèíå ôàéëû, êîòîðûå áóäóò âûïîëíÿòüñÿ íà äðóãîé (â òîì ÷èñëå ñ äðóãîé àðõèòåêòóðîé è ò.ï.)
Ñìîòðåòü, íàïðèìåð, òóò - http://wl500g.info/showpost.php?p=51465&postcount=10
2) Íà ïðåäìåò íàòèâíîé êîìïèëÿöèè èñêàòü ïîèñêîì ïî ñëîâó buildroot, åñëè ïî ñëîâó "êîìïèëÿöèÿ" Âû ïî÷åìó-òî íè÷åãî íå íàøëè.

[Nebulosa]

Ïîëüçîâàëñÿ òàêèì ìàíóàëîì http://nobrend.ru/?p=24

Ñîçäàåì ñåðòèôèêàòû âîò òàêîé êîìàíäîé:

openssl req -new -x509 -days 9999 -nodes -out server.crt -keyout server.key

 Common name âïèñûâàåì èìÿ äîìåíà, ïîëÿ íå äîëæíû áûòü ïóñòûìè.

Ïðîïèñûâàåì â nginx:

ssl on;
ssl_certificate ssl/server.crt;
ssl_certificate_key ssl/server.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSL v2:+EXP;
ssl_prefer_server_ciphers on;

[angel_il]

ñïàñèáî ïîäïðàâèë õàóòóøêó

[bak]

 òàêîì âàðèàíòå âåá èíòåðôåéñ áóäåò ðàáîòàòü íåïðàâèëüíî, è ïðè íàæàòèè êíîïêóè Aply èëè Finish èçìåíåíèÿ íå áóäóò ïðèìåíÿòñÿ (èëè áóäóò, íî ÷åðåç îòêðûòîå ñîåäèíåíèå). Äëÿ òîãî ÷òîáû âåá èíòåðôåéñ ðàáîòàë ïðàâèëüíî, íåîáõîäèìî îñóùåñòâëÿòü ïîäìåíó âîçâðàùàåìûõ ññûëîê http:// íà https://. Äëÿ ýòîãî íåîáõîäèìî ñîáðàòü nginx ñ ïîääåðæêîé ìîäóëÿ http_sub_module (è íå çàáûòü ssl).

Code:

./configure --with-http_ssl_module --with-http_sub_module

Çàòåì â êîíôèãå, â ðàçäåëå location ïðîïèñàòü:

Code:

sub_filter http:// https://;
sub_filter_once on;

Ïîäïðàâüòå howto ïëèç.

[RekoD]

À îí ïîääåðæèâàåò ÷òî-òî âðîäå .htaccess ?

[angel_il]

ïîääåðæèâàåò, íî ñîâåòóþ âñå òàêè nginx

[Freepriman]

ïîääåðæèâàåò, íî ñîâåòóþ âñå òàêè nginx

À îí ïîä àñóñîì íîðìàëüíî çàâîäèòñÿ?

[angel_il]

ãëþêîâ ïîêà íå âèäåë.

[RekoD]

nginx òîæå .htaccess/.htpasswd íå ïîääåðæèâàåò...

[qwest]

ãëþêîâ ïîêà íå âèäåë.

Èíñòðóêöèåé ïî íàñòðîéêå nginx + php íà wl500gv2 ïîäåëèòåñü?