Bye Bye Moore

PoCソルジャーな零細事業主が作業メモを残すブログ

easyrsa + uwsgi + nginx + bottleで簡易認証キー付きAPI鯖をつくる その1:設定

前回の続きっぽい話です。
easyrsaと前回の構成をつかって、簡易認証キー付きAPI鯖をつくります。

実際のところ

$ cd /etc/openvpn/easy-rsa/
$ sudo su
# mkdir /etc/nginx/easyrsa/keys

# cat keys/myservername.crt keys/ca.crt  > keys/server_and_ca.crt
# cp keys/ca.crt /etc/nginx/easyrsa/keys
# cp keys/server_and_ca.crt /etc/nginx/easyrsa/keys
# cp keys/myservername.key  /etc/nginx/easyrsa/keys

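前の記事通り。なお、nginx側にコピーしているのは ca.crt・server_and_ca.crt・myservername.key の3つだけで、ca.key はコピーしていません(CAの秘密鍵はクライアント証明書の発行にしか使わないため、nginxから読める場所に置く必要はありません)。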

# ls keys/
01.pem  dh2048.pem      index.txt.old     myservername.key  server_and_ca.crt
ca.crt  index.txt       myservername.crt  serial
ca.key  index.txt.attr  myservername.csr  serial.old
# nano /etc/nginx/conf.d/ZZZ.conf
# cat /etc/nginx/conf.d/ZZZ.conf 
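server {
    # TLS virtual host for the key-protected API: every request must present a
    # client certificate issued by the easy-rsa CA.
    # "listen ... ssl" replaces the deprecated standalone "ssl on;" directive.
    listen 443 ssl;

    location / {
        # Here we define the name and the contents of the WSGI variable to pass to service.
        # nginx fills SSL_CLIENT_ID from the verified client certificate's subject DN,
        # so the application can rely on it only while the uWSGI port stays bound to
        # loopback and is reachable solely through this server block.
        # NOTE(review): the string format of $ssl_client_s_dn changed in nginx 1.11.6
        # (the previous format is available as $ssl_client_s_dn_legacy) - confirm which
        # form the application compares against.
        uwsgi_param SSL_CLIENT_ID $ssl_client_s_dn;
        include uwsgi_params;
        uwsgi_pass 127.0.0.1:5000;
    }

    # SSL support
    # SSLv3 and TLSv1.0 are obsolete (SSLv3 is affected by POODLE); allow modern TLS only.
    # Drop TLSv1.3 from the list if the installed nginx/OpenSSL build predates it.
    ssl_protocols       TLSv1.2 TLSv1.3;
    # File names must match the files produced by the cat/cp steps
    # (server_and_ca.crt and myservername.key); paths are relative to the nginx
    # configuration prefix.
    ssl_certificate     easyrsa/keys/server_and_ca.crt;
    ssl_certificate_key easyrsa/keys/myservername.key;

    # We don't accept anyone without correct client certificate
    ssl_verify_client on;
    # The CA we use to verify client certificates
    ssl_client_certificate easyrsa/keys/ca.crt;
    # NOTE(review): a revoked client certificate keeps working until a CRL generated
    # by the CA is configured here with ssl_crl.
}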

server {
    # Plain-HTTP virtual host: no TLS and no client-certificate check on this port.
    listen 80;
    server_name  XXX YYY;
    access_log   /var/log/nginx/ZZZ.vs.sakura.ne.jp.access.log;

    location / {
        include uwsgi_params;
        # Forwards to a uWSGI app on a unix socket, not to the 127.0.0.1:5000 backend
        # used by the 443 server block.
        # NOTE(review): presumably the app from the previous article - confirm it does
        # not expose the key-protected API, since requests arriving here are
        # unauthenticated and SSL_CLIENT_ID is never set.
        uwsgi_pass  unix:/var/run/uwsgi/ZZZ.vs.sakura.ne.jp.sock;
    }
}
# service uwsgi restart
# service nginx restart