1. Home
  2. Web
  3. Guia de referência do NGINX

Guia de referência do NGINX

Índice

1- No windows

2- No linux

Instalar o nginx $ sudo apt install nginx

Criar o certificado usando o openssl $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/certs/m.site.key -out /etc/ssl/certs/site.crt

$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Adicionar configuração do site no nginx $ sudo nano /etc/nginx/sites-available/site.com.br

Adicionar o seguinte conteúdo:

server {
  listen 443 http2 ssl;
  listen [::]:443 http2 ssl;

  server_name m.site.com.br;

  location / {
    proxy_pass http://localhost:3003;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
  }

  ssl_certificate /etc/ssl/certs/m.site.crt;
  ssl_certificate_key /etc/ssl/certs/m.site.key;
  ssl_dhparam /etc/ssl/certs/dhparam.pem;

  ########################################################################
  # from https://cipherli.st/ #
  # and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html #
  ########################################################################

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  ssl_ecdh_curve secp384r1;
  ssl_session_cache shared:SSL:10m;
  ssl_session_tickets off;
  ssl_stapling on;
  ssl_stapling_verify on;
  resolver 8.8.8.8 8.8.4.4 valid=300s;
  resolver_timeout 5s;
  # Disable preloading HSTS for now. You can use the commented out header line that includes
  # the "preload" directive if you understand the implications.
  #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
  add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
  add_header X-Frame-Options DENY;
  add_header X-Content-Type-Options nosniff;

  ##################################
  # END https://cipherli.st/ BLOCK #
  ##################################
}

Habilitar configuração do site no nginx $ sudo ln -s /etc/nginx/sites-available/site.com.br /etc/nginx/sites-enabled/

Verificar a configuração do nginx $ sudo nginx -t

(se exibir algum erro, voltar a etapa de configuração)

Executar restart do nginx $ sudo systemctl restart nginx

Verificar o status do serviço do nginx $ sudo systemctl status nginx

No caso de erros, verificar o log $ sudo nano /var/log/nginx/error.log

3- No MAC

No linux: $ sudo apt install nginx

No windows: Fazer o download o pacote: http://nginx.org/en/download.html Descompactar em uma pasta, ex: C:\nginx-1.18.0

Comentários