
easyrsa + uwsgi + nginx + bottleで簡易認証キー付きAPI鯖をつくる その1:設定

前回の続きっぽい話です。
easyrsaと前回の構成をつかって簡易認証キー付きAPI鯖をつくります

実際のところ

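$ cd /etc/openvpn/easy-rsa/
$ sudo su
## -p also creates /etc/nginx/easyrsa when it does not exist yet
# mkdir -p /etc/nginx/easyrsa/keys

## bundle order: server certificate first, then the CA certificate
# cat keys/myservername.crt keys/ca.crt  > keys/server_and_ca.crt
# cp keys/ca.crt /etc/nginx/easyrsa/keys
# cp keys/server_and_ca.crt /etc/nginx/easyrsa/keys
# cp keys/myservername.key  /etc/nginx/easyrsa/keys
## keep the copied server private key readable by root only
# chmod 600 /etc/nginx/easyrsa/keys/myservername.key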

前の記事通り

# ls keys/
01.pem  dh2048.pem      index.txt.old     myservername.key  server_and_ca.crt
ca.crt  index.txt       myservername.crt  serial
ca.key  index.txt.attr  myservername.csr  serial.old
# nano /etc/nginx/conf.d/ZZZ.conf
# cat /etc/nginx/conf.d/ZZZ.conf 
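# HTTPS listener for the API: a request reaches the uwsgi backend only when the
# client presents a certificate that verifies against the easy-rsa CA.
server {
    # "listen ... ssl" replaces the deprecated "ssl on;" directive
    listen 443 ssl;

    location / {
        # Here we define the name and the contents of the WSGI variable to pass to service.
        # nginx only proves that the certificate chains to the CA; the application still
        # has to decide which subject DNs are allowed to call the API.
        uwsgi_param SSL_CLIENT_ID $ssl_client_s_dn;
        include uwsgi_params;
        uwsgi_pass 127.0.0.1:5000;
    }

    # SSL support
    # SSLv3 and TLSv1 are obsolete and SSLv3 is broken (POODLE), so neither is offered.
    # Add TLSv1.3 here when the installed nginx/OpenSSL build supports it.
    ssl_protocols       TLSv1.2;
    # File names match the files copied into /etc/nginx/easyrsa/keys
    # (server_and_ca.crt and myservername.key).
    ssl_certificate     easyrsa/keys/server_and_ca.crt;
    ssl_certificate_key easyrsa/keys/myservername.key;

    # We don't accept anyone without correct client certificate
    ssl_verify_client on;
    # The CA we use to verify client certificates.
    # Every certificate issued by this CA is accepted; the CA lives under
    # /etc/openvpn/easy-rsa, so presumably that includes certificates issued for the VPN.
    # Revoked certificates keep working unless a CRL is configured with ssl_crl.
    ssl_client_certificate easyrsa/keys/ca.crt;
}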

# Plain-HTTP virtual host. This listener has no TLS and no client-certificate
# check, so whatever the uwsgi socket below serves is reachable unauthenticated.
server {
    listen 80;
    server_name  XXX YYY;
    access_log   /var/log/nginx/ZZZ.vs.sakura.ne.jp.access.log;

    location / {
        # Hand every request to the uwsgi application over its unix socket
        uwsgi_pass  unix:/var/run/uwsgi/ZZZ.vs.sakura.ne.jp.sock;
        include uwsgi_params;
    }
}
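## check the configuration first, so a wrong certificate path or a typo is caught before the restart
# nginx -t
# service uwsgi restart
# service nginx restart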