前回の続きっぽい話です。
easyrsaと前回の構成を使って、簡易認証キー付きAPI鯖をつくります。
実際のところ
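# Stage the TLS material nginx needs, taken from the easy-rsa directory
# that already holds the CA and the server certificate.
cd /etc/openvpn/easy-rsa/
# Become root; every command below runs in that root shell.
sudo su

# -p also creates the /etc/nginx/easyrsa parent, which a plain mkdir
# would fail on if it does not exist yet.
mkdir -p /etc/nginx/easyrsa/keys

# Certificate chain sent to clients: server certificate first, then the CA.
cat keys/myservername.crt keys/ca.crt > keys/server_and_ca.crt

# Only public material plus the server's own private key goes to nginx.
# The CA private key (ca.key in the easy-rsa keys directory) is not copied:
# whoever holds it can issue client certificates this server will accept.
cp keys/ca.crt /etc/nginx/easyrsa/keys
cp keys/server_and_ca.crt /etc/nginx/easyrsa/keys
cp keys/myservername.key /etc/nginx/easyrsa/keys

# Make the private key's mode explicit instead of relying on whatever
# the source file and umask produced.
chmod 600 /etc/nginx/easyrsa/keys/myservername.key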
前の記事通り
# ls keys/ 01.pem dh2048.pem index.txt.old myservername.key server_and_ca.crt ca.crt index.txt myservername.crt serial ca.key index.txt.attr myservername.csr serial.old
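# /etc/nginx/conf.d/ZZZ.conf
# Written with `nano /etc/nginx/conf.d/ZZZ.conf`; shown as printed by
# `cat /etc/nginx/conf.d/ZZZ.conf`.

# HTTPS endpoint for the API: a request is served only when the client
# presents a certificate that verifies against the easy-rsa CA.
server {
    # The "ssl" flag on listen replaces the deprecated standalone "ssl on;".
    listen 443 ssl;

    location / {
        # Here we define the name and the contents of the WSGI variable to pass to service.
        # nginx fills it with the subject DN of the verified client certificate.
        # Every certificate issued by this CA passes verification, so the
        # application has to compare SSL_CLIENT_ID with the identities it allows.
        # NOTE(review): the CA lives under /etc/openvpn/easy-rsa; if it also issues
        # VPN certificates, those verify here too - confirm.
        uwsgi_param SSL_CLIENT_ID $ssl_client_s_dn;
        include uwsgi_params;
        # NOTE(review): the backend trusts whatever SSL_CLIENT_ID it receives, so
        # 127.0.0.1:5000 should be reachable by nginx only; a unix socket with
        # restricted permissions is one way to enforce that.
        uwsgi_pass 127.0.0.1:5000;
    }

    # SSL support
    # SSLv3 and TLSv1 are obsolete and have known weaknesses; accept TLS 1.2
    # and 1.3 only. Drop TLSv1.3 if this nginx/OpenSSL build predates it.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Relative paths resolve against the nginx configuration directory
    # (presumably /etc/nginx here). The names match the files copied into
    # /etc/nginx/easyrsa/keys: server_and_ca.crt and myservername.key.
    ssl_certificate easyrsa/keys/server_and_ca.crt;
    ssl_certificate_key easyrsa/keys/myservername.key;

    # We don't accept anyone without correct client certificate
    ssl_verify_client on;
    # The CA we use to verify client certificates
    ssl_client_certificate easyrsa/keys/ca.crt;
    # NOTE(review): no ssl_crl is configured, so a client certificate revoked
    # in easy-rsa keeps working until a CRL file is referenced here.
}

# Plain-HTTP site on port 80. No TLS and no client-certificate check apply
# to this block, and it forwards to a different uwsgi backend (unix socket).
# NOTE(review): make sure the certificate-protected API is not also served
# by this backend - confirm.
server {
    listen 80;
    server_name XXX YYY;
    access_log /var/log/nginx/ZZZ.vs.sakura.ne.jp.access.log;

    location / {
        include uwsgi_params;
        uwsgi_pass unix:/var/run/uwsgi/ZZZ.vs.sakura.ne.jp.sock;
    }
}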
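# Apply the new configuration (run as root): application server first,
# then nginx.
service uwsgi restart
# Parse-check the configuration before restarting, so a wrong certificate
# path or a typo in ZZZ.conf is reported instead of taking nginx down.
nginx -t && service nginx restart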