Jumat, 22 November 2019

How to install an SSL certificate on a Pritunl server with an nginx front end

Install the nginx reverse proxy server

[root@localhost ~]# yum install nginx
Change the Pritunl web port to another port (9443 here) so that nginx can listen on 443
[root@localhost ~]# pritunl set app.server_port 9443
app.server_port = 9443
Successfully updated configuration. This change is stored in the database and has been applied to all hosts in the cluster.

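Enable reverse-proxy mode and disable Pritunl's built-in redirect server. With app.reverse_proxy enabled, Pritunl takes the client address from the forwarded headers that nginx sets, so port 9443 should not be reachable except through nginx (for example, block it in the host firewall).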

[root@localhost ~]# sudo pritunl set app.reverse_proxy true
app.reverse_proxy = true
Successfully updated configuration. This change is stored in the database and has been applied to all hosts in the cluster.
[root@localhost ~]# sudo pritunl set app.redirect_server false
app.redirect_server = false
Successfully updated configuration. This change is stored in the database and has been applied to all hosts in the cluster.
[root@localhost ~]#
Create nginx config for pritunl

[root@localhost ~]# vi /etc/nginx/conf.d/pritunl.conf
[root@localhost ~]#
The nginx configuration
[root@localhost ~]# cat /etc/nginx/conf.d/pritunl.conf
# Plain-HTTP listener: serves no content and only redirects every request
# to the HTTPS server below.
server {
    listen 80;
    server_name domain.name;
    # $host follows the Host header sent by the client. If this block can also
    # answer requests for other names (e.g. it ends up as the default server on
    # port 80), the redirect target is client-controlled; using $server_name
    # instead would pin it to the configured name.
    return 301 https://$host$request_uri;
}

# TLS-terminating front end: presents the certificate to clients and proxies
# all requests to the Pritunl web service on local port 9443.
server {
    listen 443 ssl;
   # listen 443;
    server_name domain.name;
    # Certificate (include any intermediate chain in the .crt file) and its
    # private key. Keep the .key file readable by root only.
    ssl_certificate           /etc/nginx/ssl/start_sertifikat.crt;
    ssl_certificate_key       /etc/nginx/ssl/start_sertifikat.key;

    # Older form of enabling TLS, left commented out; the "ssl" parameter on
    # the listen directive above is what enables it here.
   # ssl on;
    # Session resumption: a per-worker OpenSSL cache of 1000 sessions plus a
    # 10 MB cache named "SSL" shared between workers.
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    # Only TLS 1.2 is offered; older protocol versions are refused.
    # NOTE(review): TLSv1.3 can be added here if the installed nginx/OpenSSL
    # build supports it.
    ssl_protocols  TLSv1.2;
    # OpenSSL cipher string: strong suites only, with anonymous, NULL, export,
    # CAMELLIA, DES, MD5, PSK and RC4 suites excluded.
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    # The server's cipher order wins over the client's preference.
    ssl_prefer_server_ciphers on;

    access_log            /var/log/nginx/domain.name.access.log;

    location / {

      # Pass the original host name, client address and scheme to Pritunl.
      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      # $proxy_add_x_forwarded_for appends $remote_addr to whatever
      # X-Forwarded-For value the client already sent, so the first entries of
      # the list can be client-supplied.
      # NOTE(review): Pritunl runs with app.reverse_proxy = true and relies on
      # these headers for the client address; confirm which entry it reads. If
      # nginx is the only proxy in front, sending $remote_addr alone avoids
      # forwarding client-supplied values.
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;

      # Upstream is Pritunl's own HTTPS listener on port 9443 (set with
      # "pritunl set app.server_port 9443"). nginx does not verify the upstream
      # certificate unless proxy_ssl_verify is turned on; the hop here stays on
      # localhost.
      # NOTE(review): nothing in this file stops direct connections to 9443
      # from other hosts; restrict that port separately.
      proxy_pass          https://localhost:9443;
      # Seconds to wait for a response from Pritunl before giving up.
      proxy_read_timeout  90;
    }
  }
[root@localhost ~]#
Test nginx configuration

[root@localhost ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@localhost ~]#
Restart pritunl service

[root@localhost ~]# service pritunl restart
Redirecting to /bin/systemctl restart pritunl.service
[root@localhost ~]#
Restart the nginx service and check its status

[root@localhost ~]# service nginx restart
Redirecting to /bin/systemctl restart nginx.service
[root@localhost ~]# service nginx status
Redirecting to /bin/systemctl status nginx.service
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2019-11-20 21:50:32 WIB; 7s ago
  Process: 6690 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
  Process: 6688 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
  Process: 6686 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
 Main PID: 6691 (nginx)
   CGroup: /system.slice/nginx.service
           ├─6691 nginx: master process /usr/sbin/nginx
           ├─6692 nginx: worker process
           ├─6693 nginx: worker process
           ├─6694 nginx: worker process
           ├─6695 nginx: worker process
           ├─6696 nginx: worker process
           ├─6697 nginx: worker process
           ├─6698 nginx: worker process
           └─6699 nginx: worker process

Nov 20 21:50:32 localhost.localdomain systemd[1]: Unit nginx.service entered failed state.
Nov 20 21:50:32 localhost.localdomain systemd[1]: nginx.service failed.
Nov 20 21:50:32 localhost.localdomain systemd[1]: Starting The nginx HTTP and reverse proxy server...
Nov 20 21:50:32 localhost.localdomain nginx[6688]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Nov 20 21:50:32 localhost.localdomain nginx[6688]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Nov 20 21:50:32 localhost.localdomain systemd[1]: Started The nginx HTTP and reverse proxy server.
[root@localhost ~]#

