Viewing posts for the category Nginx

Kubernetes : Django, Redis, Frontend, Nginx (reverse proxy & ingress) setup on Bare Metal Server & CICD Guide

Follow the steps below in sequence. FYI, I have created an EC2 instance on AWS.

  1. Create an Ubuntu 20 LTS instance. Open ports 22, 80 and 443.
  2. Enable net.bridge.bridge-nf-call-iptables:

      sudo su
      cat > /etc/sysctl.d/20-bridge-nf.conf <<EOF
      net.bridge.bridge-nf-call-iptables = 1
      EOF
      sysctl --system

  3. Install Docker...

SSL / TLS setup of RapidSSL certificate with Nginx on Ubuntu server

Here is a guide to setting up SSL / TLS in Nginx on an Ubuntu instance:

- Generate the private key
    openssl genrsa -out /home/ubuntu/something_com_pvt.key 2048

- Generate a CSR from the private key
    openssl req -new -key /home/ubuntu/something_com_pvt.key -out /home/ubuntu/something_com_.csr

- Submit the above CSR to the SSL provider, RapidSSL in our case.
- Download the X.509 type certificates.
- Combine the intermediate and SSL certificates into one file, name it "ssl_final.cer" and put it in /home/ubuntu/

- Execute the following:
    sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

- Put in the Nginx conf server block:
    include snippets/self-signed.conf;
    include snippets/ssl-params.conf;

- In /etc/nginx/snippets

    self-signed.conf content

    ssl_certificate /home/ubuntu/ssl_final.cer;
    ssl_certificate_key /home/ubuntu/something_com_pvt.key;

    ssl-params.conf content

    # from
    # and
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve prime256v1;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver valid=300s;
    resolver_timeout 5s;
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

Restart Nginx. That's it!
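
A check for the ssl-params.conf content above, added here as an example (not code from the original post): it parses the snippet and reports the TLS 1.0/1.1 entries in `ssl_protocols` (deprecated by RFC 8996), the `resolver` line that carries no name server address for OCSP stapling, and an HSTS header set without `always`. The names `audit` and `parse_directives`, the finding identifiers and the 192.0.2.53 placeholder address are assumptions of this example.

```python
import shlex

# Constructed sample: the directives the checks read, copied from ssl-params.conf above.
PAGE_CONF = """
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_stapling on;
resolver valid=300s;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
"""

# Constructed corrected variant; 192.0.2.53 is a documentation-range placeholder,
# replace it with the DNS resolver your server actually uses.
FIXED_CONF = """
ssl_protocols TLSv1.2 TLSv1.3;
ssl_stapling on;
resolver 192.0.2.53 valid=300s;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;
"""

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0 and 1.1: RFC 8996

def parse_directives(text):
    """Map directive name -> list of argument lists (one-line directives only)."""
    directives = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # honours quotes and # comments
        if not tokens:
            continue
        tokens[-1] = tokens[-1].rstrip(";")
        directives.setdefault(tokens[0], []).append([t for t in tokens[1:] if t])
    return directives

def audit(text):
    """Return a sorted list of finding identifiers for one TLS snippet."""
    d = parse_directives(text)
    findings = set()
    for args in d.get("ssl_protocols", []):
        findings.update("deprecated-protocol:" + p for p in DEPRECATED.intersection(args))
    # OCSP stapling needs a resolver with at least one name server address;
    # tokens containing "=" are parameters such as valid=300s, not addresses.
    stapling = ["on"] in d.get("ssl_stapling", [])
    has_address = any("=" not in t for args in d.get("resolver", []) for t in args)
    if stapling and not has_address:
        findings.add("stapling-without-resolver-address")
    # Without "always", nginx adds the header only for a fixed set of
    # success and redirect status codes, so error responses lack HSTS.
    for args in d.get("add_header", []):
        if args and args[0].lower() == "strict-transport-security" and "always" not in args[2:]:
            findings.add("hsts-not-sent-on-errors")
    return sorted(findings)
```

Calling `audit(PAGE_CONF)` lists the findings for the page's settings, and `audit(FIXED_CONF)` returns an empty list; run `sudo nginx -t` after editing the real snippet to confirm that Nginx accepts it.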