ww24/example.com.conf

## example.com.conf
upstream backend {
        server unix:/tmp/backend.sock;
}

server {
        listen 4433 ssl;
        server_name _;

        # SSL
        ssl_certificate /usr/local/etc/openssl/certs/cert.pem;
        ssl_certificate_key /usr/local/etc/openssl/certs/cert.pem;
        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:50m;
        ssl_dhparam /usr/local/etc/openssl/certs/dhparam.pem;
        ssl_protocols TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
        ssl_prefer_server_ciphers on;

　　　　　# document root
        root /Users/user/Documents/www;

        location / {
                try_files $uri $uri/index.html @backend;
        }

        # reverse proxy
        location @backend {
                proxy_pass http://backend;
        }
}

## file0.txt
$ openssl version
$ brew install openssl
$ brew link openssl --force
$ openssl version

## file1.txt
$ cd /usr/local/etc/openssl/certs
$ openssl req -days 365 -new -nodes -newkey rsa:4096 -x509 -keyout cert.pem -out cert.pem

## file2.txt
$ open cert.pem

## file4.txt
$ openssl dhparam -out dhparam.pem 2048

## file5.txt
$ brew install nginx

## file7.txt
$ ln -sfv /usr/local/opt/nginx/*.plist ~/Library/LaunchAgents

## file8.txt
$ ln -sfv /usr/local/opt/nginx/*.plist ~/Library/LaunchAgents

## file9.txt
$ open https://example.com:4433/

## hosts
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost

# add
127.0.0.1       example.com

## nginx
#user www-data;
worker_processes 2;
worker_rlimit_nofile 4096;
#pid /run/nginx.pid;

events {
        worker_connections 1024;
        # multi_accept on;
}

http {
        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include mime.types;
        default_type application/octet-stream;

        ##
        # Virtual Host Configs
        ##

        include conf.d/*.conf;
}
	upstream backend {
	server unix:/tmp/backend.sock;
	}

	server {
	listen 4433 ssl;
	server_name _;

	# SSL
	ssl_certificate /usr/local/etc/openssl/certs/cert.pem;
	ssl_certificate_key /usr/local/etc/openssl/certs/cert.pem;
	ssl_session_timeout 5m;
	ssl_session_cache shared:SSL:50m;
	ssl_dhparam /usr/local/etc/openssl/certs/dhparam.pem;
	ssl_protocols TLSv1.1 TLSv1.2;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
	ssl_prefer_server_ciphers on;

	# document root
	root /Users/user/Documents/www;

	location / {
	try_files $uri $uri/index.html @backend;
	}

	# reverse proxy
	location @backend {
	proxy_pass http://backend;
	}
	}
	$ openssl version
	$ brew install openssl
	$ brew link openssl --force
	$ openssl version
	$ cd /usr/local/etc/openssl/certs
	$ openssl req -days 365 -new -nodes -newkey rsa:4096 -x509 -keyout cert.pem -out cert.pem
	##
	# Host Database
	#
	# localhost is used to configure the loopback interface
	# when the system is booting. Do not change this entry.
	##
	127.0.0.1 localhost
	255.255.255.255 broadcasthost
	::1 localhost

	# add
	127.0.0.1 example.com
	#user www-data;
	worker_processes 2;
	worker_rlimit_nofile 4096;
	#pid /run/nginx.pid;

	events {
	worker_connections 1024;
	# multi_accept on;
	}

	http {
	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include mime.types;
	default_type application/octet-stream;

	##
	# Virtual Host Configs
	##

	include conf.d/*.conf;
	}