Create a gist now

Instantly share code, notes, and snippets.

BITSIZE=4096
FILE=eatabrick.org
all: $(FILE).pem $(FILE).key dhparam.pem
chown http:http $(FILE).*
chmod 600 $(FILE).key
$(FILE).pem: $(FILE).csr intermediate.pem
@echo "Copy and paste the following into your CA:"
@cat $(FILE).csr
@echo "Paste the certificate from your CA here (^D to finish):"
@cat >$(FILE).pem
@cat intermediate.pm >>$(FILE).pem
$(FILE).csr: $(FILE).key
openssl req -new -key $(FILE).key -out $(FILE).csr
$(FILE).key:
openssl genrsa -des3 -passout pass:x -out $(FILE).pass.key $(BITSIZE)
openssl rsa -passin pass:x -in $(FILE).pass.key -out $(FILE).key
rm $(FILE).pass.key
intermediate.pem:
@echo "Paste any intermediate certs here (^D to finish):"
@cat >intermediate.pem
dhparam.pem:
openssl dhparam -out dhparam.pem $(BITSIZE)
clean:
rm $(FILE).* intermediate.pem dhparam.pem
server {
listen 80 default;
listen [::]:80 default;
server_name eatabrick.org www.eatabrick.org;
rewrite ^/(.*) https://eatabrick.org/$1 permanent;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name www.eatabrick.org;
ssl_certificate /etc/nginx/ssl/eatabrick.org.pem;
ssl_certificate_key /etc/nginx/ssl/eatabrick.org.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4:!3DES';
ssl_session_cache shared:SSL:10m;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_stapling on;
add_header Strict-Transport-Security max-age=31536000;
add_header X-Frame-Options DENY;
rewrite ^/(.*) https://eatabrick.org/$1 permanent;
}
server {
listen 443 ssl default;
listen [::]:443 ssl default;
server_name eatabrick.org;
ssl_certificate /etc/nginx/ssl/eatabrick.org.pem;
ssl_certificate_key /etc/nginx/ssl/eatabrick.org.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4:!3DES';
ssl_session_cache shared:SSL:10m;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_stapling on;
add_header Strict-Transport-Security max-age=31536000;
add_header X-Frame-Options DENY;
access_log /var/log/nginx/eatabrick.org.access.log;
error_log /var/log/nginx/eatabrick.org.error.log;
root /srv/http/eatabrick.org/htdocs/;
index index.html;
error_page 404 /404.html;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment