Solución al Error ssl_error_bad_cert_domain
letsencrypt certonly --standalone -d midominio.mx -d www.midominio.mx
La configuración de nginx quedaria (midominio.mx) --> /etc/nginx/sites-enabled:
upstream oddo {
server 127.0.0.1:8069;
}
server {
listen 443 default;
server_name midominio.mx www.midominio.mx;
access_log /var/log/nginx/oddo.access.log;
error_log /var/log/nginx/oddo.error.log;
ssl on;
ssl_certificate /etc/letsencrypt/live/midominio.mx/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/midominio.mx/privkey.pem;
keepalive_timeout 60;
#ssl_ciphers HIGH:!ADH:!MD5;
#ssl_protocols SSLv3 TLSv1;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
proxy_buffers 16 64k;
proxy_buffer_size 128k;
location / {
proxy_pass http://oddo;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_read_timeout 300000;
}
location ~* /web/static/ {
proxy_cache_valid 200 60m;
proxy_buffering on;
expires 864000;
proxy_pass http://oddo;
}
}
server {
listen 80;
server_name midominio.mx www.midominio.mx;
add_header Strict-Transport-Security max-age=2592000;
rewrite ^/.*$ https://$host$request_uri? permanent;
}
0 comentarios:
Publicar un comentario