# Nginx Setting
cd etc/yum.repos.d/
vi nginx.repo
---
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
---
yum install -y nginx
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --permanent --zone=public --add-port=8080/tcp
firewall-cmd --permanent --zone=public --add-port=443/tcp
firewall-cmd --permanent --zone=public --add-port=8443/tcp
firewall-cmd --reload
firewall-cmd --list-ports
firewall-cmd --list-all
firewall-cmd --permanent --zone=public --add-forward-port=port=443:proto=tcp:toport=8443
firewall-cmd --reload
firewall-cmd --list-all
firewall-cmd --permanent --zone=public --remove-forward-port=port=443:proto=tcp:toport=8443
firewall-cmd --reload
firewall-cmd --list-all
vi /etc/nginx/conf.d/default.conf
systemctl start nginx
systemctl enable nginx
# Nginx SSL
1. νμΌν©μΉκΈ°
cat [λλ©μΈμΈμ¦μ] [체μΈμΈμ¦μ] [루νΈμΈμ¦μ] > [λλ©μΈλͺ
.pem](μνλ μ΄λ¦)
λ°λμ viμ΄λ vim λͺ
λ Ήμ΄λ‘ κ°μ κ°ν
2.
vi /etc/nginx/site-available/default
---
server {
listen 443 ssl;
server_name [λλ©μΈλͺ
];
ssl on;
ssl_certificate [μΈκ°μ§ μΈμ¦μ ν©μΉ νμΌ κ²½λ‘];
ssl_certificate_key [κ°μΈν€ νμΌ κ²½λ‘];
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:3000;(λ
Έλ μλ² μ€νμ μν proxy_pass μ€μ )
}
}
=====
upstream api {
server 192.168.0.1:8080;
}
server {
listen 80;
location / {
proxy_pass http://api;
}
}
server {
listen 443 ssl;
server_name test.com;
ssl on;
ssl_certificate test.pem;
ssl_certificate_key test.key;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://192.168.0.1:8080;
}
}
======
/etc/nginx/conf.d
openssl rsa -in [κΈ°μ‘΄μΈμ¦μνμΌ] -out [μλ‘μ΄μΈμ¦μνμΌ]
---
vi /etc/nginx/conf.d/default.conf
service nginx start
systemctl stop nginx
systemctl restart nginx
systemctl stop nginx
systemctl start nginx
tail -f /var/log/nginx/error.log
* (13: Permission denied) while connecting to upstream
setsebool -P httpd_can_network_connect 1
vi /etc/nginx/nginx.conf
* fopen:Permission denied
# References
https://velog.io/@twkim8548/Nginx%EC%97%90%EC%84%9C-SSL-%EC%A0%81%EC%9A%A9%ED%95%B4%EC%84%9C-Https-%EB%A1%9C-%EC%A0%91%EC%86%8D-%EB%90%98%EA%B2%8C-%ED%95%B4%EB%B3%BC%EA%B9%8C
https://stackoverflow.com/questions/5877929/what-does-upstream-mean-in-nginx
https://cert.crosscert.com/nginx-ssl%EC%9D%B8%EC%A6%9D%EC%84%9C-%EC%84%A4%EC%B9%98-%EB%A7%A4%EB%89%B4%EC%96%BC/
β - centos-error - mac β