Thursday, October 10, 2013

Using PositiveSSL with nginx

Make sure you have nginx with SSL support:

sudo apt-get install nginx-full

Create a key:
sudo mkdir -p /etc/nginx/ssl
cd /etc/nginx/ssl
sudo openssl genrsa -des3 -out domain.key 2048
sudo openssl req -new -key domain.key -out domain.csr

Create certificate: a combined pem file
Put the zip file Namecheap has sent you via email on server, extract them.

cat www_mydomain_com.crt >> www_mydomain_com.pem
cat PositiveSSLCA2.crt >> www_mydomain_com.pem
cat AddTrustExternalCARoot.crt >> www_mydomain_com.pem
service nginx restart

Edit /etc/nginx/sites-available/default:
# Default server for non-domain requests
server {
       return 404;

upstream django {
        server localhost:8000 fail_timeout=10;

server {
  listen 80;
  return 301 https://$host$request_uri;

server {
    listen 443;
    root /home/user/projects/myproject;
    ssl on;
    ssl_certificate /etc/nginx/ssl/www_mydomain_com.pem;
    ssl_certificate_key /etc/nginx/ssl/domain.key;


The first server lets wrong domain requests to get 404, not 500.

The second is the django server

The third is the HTTP to HTTPS redirection

The fourth is the ssl settings for the main project.

No comments: