How to install an SSL certificate on a Pritunl server with an nginx front end
Install the nginx reverse proxy server, then move the Pritunl web console to port 9443 so that nginx can take over port 443
[root@localhost ~]# yum install nginx
[root@localhost ~]# pritunl set app.server_port 9443
app.server_port = 9443
Successfully updated configuration. This change is stored in the database and has been applied to all hosts in the cluster.
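Enable reverse-proxy mode and disable Pritunl's built-in redirect server, since nginx now handles the HTTP-to-HTTPS redirect on port 80. With app.reverse_proxy enabled, Pritunl takes the client address from the forwarded headers that nginx sets, so port 9443 should be reachable only from the proxy (for example, blocked at the host firewall); otherwise a client connecting directly could supply those headers itself.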
[root@localhost ~]# sudo pritunl set app.reverse_proxy true
app.reverse_proxy = true
Successfully updated configuration. This change is stored in the database and has been applied to all hosts in the cluster.
[root@localhost ~]# sudo pritunl set app.redirect_server false
app.redirect_server = false
Successfully updated configuration. This change is stored in the database and has been applied to all hosts in the cluster.
[root@localhost ~]#
Create nginx config for pritunl
[root@localhost ~]# vi /etc/nginx/conf.d/pritunl.conf
[root@localhost ~]#
The nginx configuration
[root@localhost ~]# cat /etc/nginx/conf.d/pritunl.conf
# Plain-HTTP listener: serves no content of its own and only sends clients
# on to the HTTPS site.
server {
    listen 80;
    server_name domain.name;

    # Permanent redirect that keeps the requested host and URI.
    # NOTE(review): $host is taken from the request. If this block ever
    # becomes the default server for port 80, $server_name keeps the
    # redirect target under the operator's control.
    return 301 https://$host$request_uri;
}
# HTTPS front end: terminates TLS with the installed certificate and relays
# every request to the Pritunl web console listening on port 9443.
server {
    # The `ssl` parameter on `listen` enables TLS for this socket. It
    # replaces the deprecated `ssl on;` directive, so the commented-out
    # lines below are kept only for reference.
    listen 443 ssl;
    # listen 443;
    server_name domain.name;

    # Certificate and private key. If the CA issued intermediate
    # certificates, the .crt file should hold the full chain. Keep the
    # .key file readable by root only.
    ssl_certificate /etc/nginx/ssl/start_sertifikat.crt;
    ssl_certificate_key /etc/nginx/ssl/start_sertifikat.key;
    # ssl on;

    # Session resumption: a per-worker OpenSSL cache of 1000 sessions plus
    # a 10 MB cache shared by all workers.
    ssl_session_cache builtin:1000 shared:SSL:10m;

    # Only TLS 1.2 is offered; clients on older protocol versions are refused.
    # NOTE(review): add TLSv1.3 once the installed nginx/OpenSSL supports it.
    ssl_protocols TLSv1.2;

    # Strong suites only, with anonymous, NULL, export-grade and legacy
    # algorithms excluded. The server's order wins during negotiation.
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log /var/log/nginx/domain.name.access.log;

    location / {
        # Pass the original host, client address and scheme to the backend.
        # The backend can trust these values only if nothing else can reach
        # port 9443 directly, so restrict that port to the proxy.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # The upstream hop is TLS as well. nginx does not verify the
        # upstream certificate unless proxy_ssl_verify is enabled, which is
        # tolerable here only because the hop stays on the loopback interface.
        proxy_pass https://localhost:9443;

        # Give up if the backend sends nothing for 90 seconds.
        proxy_read_timeout 90;
    }
}
[root@localhost ~]#
Test nginx configuration
[root@localhost ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@localhost ~]#
Restart pritunl service
[root@localhost ~]# service pritunl restart
Redirecting to /bin/systemctl restart pritunl.service
[root@localhost ~]#
Restart nginx and check its status
[root@localhost ~]# service nginx restart
Redirecting to /bin/systemctl restart nginx.service
[root@localhost ~]# service nginx status
Redirecting to /bin/systemctl status nginx.service
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2019-11-20 21:50:32 WIB; 7s ago
Process: 6690 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
Process: 6688 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
Process: 6686 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
Main PID: 6691 (nginx)
CGroup: /system.slice/nginx.service
├─6691 nginx: master process /usr/sbin/nginx
├─6692 nginx: worker process
├─6693 nginx: worker process
├─6694 nginx: worker process
├─6695 nginx: worker process
├─6696 nginx: worker process
├─6697 nginx: worker process
├─6698 nginx: worker process
└─6699 nginx: worker process
Nov 20 21:50:32 localhost.localdomain systemd[1]: Unit nginx.service entered failed state.
Nov 20 21:50:32 localhost.localdomain systemd[1]: nginx.service failed.
Nov 20 21:50:32 localhost.localdomain systemd[1]: Starting The nginx HTTP and reverse proxy server...
Nov 20 21:50:32 localhost.localdomain nginx[6688]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Nov 20 21:50:32 localhost.localdomain nginx[6688]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Nov 20 21:50:32 localhost.localdomain systemd[1]: Started The nginx HTTP and reverse proxy server.
[root@localhost ~]#