Generate strong Diffie-Hellman parameters
# Generate 2048-bit Diffie-Hellman parameters and write them to
# /etc/ssl/certs/dhparam.pem. Generation can take a while on slow hardware.
# NOTE(review): the file only takes effect if an ssl_dhparam directive points
# at it, presumably in snippets/ssl-params.conf (not shown here) - confirm.
sudo openssl dhparam \
  -out /etc/ssl/certs/dhparam.pem \
  2048
Generate a self-signed certificate and key with proper subjectAltName (SAN) support
# Create a self-signed X.509 certificate (valid for 3650 days) together with a
# new 2048-bit RSA key. -addext places the host name in subjectAltName and
# needs OpenSSL 1.1.1 or newer. No -subj is given, so openssl asks for the
# subject fields interactively.
# -nodes writes the private key unencrypted, which lets nginx load it without
# a passphrase prompt; afterwards verify that the key file is readable by root
# only (ls -l /etc/ssl/private/nginx-selfsigned.key).
sudo openssl req -x509 -newkey rsa:2048 -nodes \
  -days 3650 \
  -addext 'subjectAltName=DNS:ender5.local' \
  -keyout /etc/ssl/private/nginx-selfsigned.key \
  -out /etc/ssl/certs/nginx-selfsigned.crt
Change ender5.local to match your host name, both in the subjectAltName above and in server_name in the nginx config below.
nginx config in /etc/nginx/sites-available/default
# Plain-HTTP listener: every request arriving on port 80 (IPv4 and IPv6) is
# answered with a redirect to the HTTPS site.
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name ender5.local;
# The redirect target is built from $server_name (the name configured above),
# not from the client-supplied Host header, so a forged Host value cannot steer
# where clients are sent. 302 marks the redirect as temporary.
return 302 https://$server_name$request_uri;
}
# Backend pool named "octoprint"; proxy_pass in the HTTPS server block refers
# to it by this name and reaches it over plain HTTP on port 5000.
# NOTE(review): TLS at nginx only protects the service if port 5000 is not
# reachable from the network directly - confirm the backend listens on
# loopback only. "localhost" may resolve to both 127.0.0.1 and ::1; verify the
# backend answers on each address nginx may try.
upstream octoprint {
server localhost:5000;
}
# HTTPS listener: terminates TLS on port 443 (IPv4 and IPv6) and reverse-proxies
# every request to the "octoprint" upstream.
server {
# SSL configuration
#
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
# Neither snippet is shown on this page. NOTE(review): presumably
# self-signed.conf holds ssl_certificate / ssl_certificate_key for the files
# created with openssl req, and ssl-params.conf holds protocol, cipher and
# ssl_dhparam settings - confirm both files exist before reloading nginx.
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
# Response compression is disabled for this server. NOTE(review): presumably
# to avoid compression side channels on TLS responses (BREACH) - confirm intent.
gzip off;
location / {
proxy_pass http://octoprint/;
# Forwards the Host header exactly as the client sent it. This block is the
# default_server and sets no server_name, so requests with any Host value are
# accepted and passed on to the backend.
proxy_set_header Host $http_host;
# Upgrade/Connection together with HTTP/1.1 (set below) let WebSocket
# handshakes pass through the proxy. Connection "upgrade" is sent on every
# proxied request, not only on upgrade requests.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Client address information for the backend. $proxy_add_x_forwarded_for
# appends $remote_addr to any X-Forwarded-For header the client supplied, so
# only the last entry is set by this proxy; earlier entries are client input.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_http_version 1.1;
# 0 disables nginx's request-body size check, so uploads of any size are
# passed to the backend; any size limit has to be enforced there.
client_max_body_size 0;
}
}