Last active
August 29, 2015 14:17
-
-
Save ww24/8792a56523adfa4b27e7 to your computer and use it in GitHub Desktop.
Mac で開発用 HTTPS サーバ構築 ref: http://qiita.com/ww24/items/423108ac3659e0f06bc7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
upstream backend { | |
server unix:/tmp/backend.sock; | |
} | |
server { | |
listen 4433 ssl; | |
server_name _; | |
# SSL | |
ssl_certificate /usr/local/etc/openssl/certs/cert.pem; | |
ssl_certificate_key /usr/local/etc/openssl/certs/cert.pem; | |
ssl_session_timeout 5m; | |
ssl_session_cache shared:SSL:50m; | |
ssl_dhparam /usr/local/etc/openssl/certs/dhparam.pem; | |
ssl_protocols TLSv1.1 TLSv1.2; | |
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'; | |
ssl_prefer_server_ciphers on; | |
# document root | |
root /Users/user/Documents/www; | |
location / { | |
try_files $uri $uri/index.html @backend; | |
} | |
# reverse proxy | |
location @backend { | |
proxy_pass http://backend; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ openssl version | |
$ brew install openssl | |
$ brew link openssl --force | |
$ openssl version |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ cd /usr/local/etc/openssl/certs | |
$ openssl req -days 365 -new -nodes -newkey rsa:4096 -x509 -keyout cert.pem -out cert.pem |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ open cert.pem |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ openssl dhparam -out dhparam.pem 2048 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ brew install nginx |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ ln -sfv /usr/local/opt/nginx/*.plist ~/Library/LaunchAgents |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ ln -sfv /usr/local/opt/nginx/*.plist ~/Library/LaunchAgents |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ open https://example.com:4433/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## | |
# Host Database | |
# | |
# localhost is used to configure the loopback interface | |
# when the system is booting. Do not change this entry. | |
## | |
127.0.0.1 localhost | |
255.255.255.255 broadcasthost | |
::1 localhost | |
# add | |
127.0.0.1 example.com |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#user www-data; | |
worker_processes 2; | |
worker_rlimit_nofile 4096; | |
#pid /run/nginx.pid; | |
events { | |
worker_connections 1024; | |
# multi_accept on; | |
} | |
http { | |
## | |
# Basic Settings | |
## | |
sendfile on; | |
tcp_nopush on; | |
tcp_nodelay on; | |
keepalive_timeout 65; | |
types_hash_max_size 2048; | |
server_tokens off; | |
# server_names_hash_bucket_size 64; | |
# server_name_in_redirect off; | |
include mime.types; | |
default_type application/octet-stream; | |
## | |
# Virtual Host Configs | |
## | |
include conf.d/*.conf; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment