Make sure you have nginx with SSL support:
sudo apt-get install nginx-full
Create a key:
sudo mkdir -p /etc/nginx/ssl
cd /etc/nginx/ssl
sudo openssl genrsa -des3 -out domain.key 2048
sudo openssl req -new -key domain.key -out domain.csr
Create certificate: a combined pem file
Put the zip file Namecheap has sent you via email on server, extract them.
cat www_mydomain_com.crt >> www_mydomain_com.pem
cat PositiveSSLCA2.crt >> www_mydomain_com.pem
cat AddTrustExternalCARoot.crt >> www_mydomain_com.pem
service nginx restart
Edit /etc/nginx/sites-available/default:
# Default server for non-domain requests
server {
return 404;
}
upstream django {
server localhost:8000 fail_timeout=10;
}
server {
listen 80;
server_name www.mydomain.com mydomain.com uk.mydomain.com;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name www.mydomain.com mydomain.com uk.mydomain.com;
root /home/user/projects/myproject;
ssl on;
ssl_certificate /etc/nginx/ssl/www_mydomain_com.pem;
ssl_certificate_key /etc/nginx/ssl/domain.key;
...
}
The first server lets wrong domain requests to get 404, not 500.
The second is the django server
The third is the HTTP to HTTPS redirection
The fourth is the ssl settings for the main project.
No comments:
Post a Comment