How to setup nginx for https certificate?

S

Stanislav2015-08-19 17:22:02

Nginx

Stanislav, 2015-08-19 17:22:02

Help me configure Nginx for HTTPS
The site works in conjunction with Node.JS + Nginx

Yesterday I bought a certificate from Сomodo, but I can’t configure it =(

4 files were sent to the mail
Root CA Certificate - AddTrustExternalCARoot.crt
Intermediate CA Certificate - COMODORSAAddTrustCA.crt
Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA .crt
Your PositiveSSL Certificate - www_site_ru.crt

And the code -----BEGIN CERTIFICATE-----

Uploaded 4 files to the folder I created /ssl/private/ Executed cat

www_site_ru.crt
COMODORSADomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt > ssl-bundle .crt

I don't understand where to get the .key file? Or is this BEGIN CERTIFICATE ??? Or do I need to somehow generate it on the server?

I write the following settings for nginx

server {
                server_name site.ru www.site.ru;
                listen IP_SERVER:443 ssl;
                keepalive_timeout   70;

                ssl_certificate     $root_path /ssl/private/ssl-bundle.crt;
                ssl_certificate_key $root_path /ssl/private/www_site_ru.crt;
                ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
                ssl_ciphers         HIGH:!aNULL:!MD5;

                charset UTF-8;
                gzip on;
                gzip_disable "msie6";
                gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
                set $root_path /var/www/user/data/folder;
                proxy_read_timeout 1200s;
                location / {
                        proxy_pass http://IP_SERVER:8130;
                        proxy_redirect http://IP_SERVER:8130/ /;
                        proxy_set_header Host $host;
                        proxy_http_version 1.1;
                        proxy_set_header Upgrade $http_upgrade;
                        proxy_set_header Connection "upgrade";
                        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                        proxy_set_header X-Real-IP $remote_addr;
                }
                location ~* ^/(webstat|awstats|webmail|myadmin|pgadmin)/ {
                        proxy_pass http://IP_SERVER:8130;
                        proxy_redirect http://IP_SERVER:8130/ /;
                        proxy_set_header Host $host;
                        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                        proxy_set_header X-Forwarded-Proto $scheme;
                        proxy_set_header X-Real-IP $remote_addr;
                }
                location @fallback {
                        proxy_pass http://IP_SERVER:8130;
                        proxy_set_header Host $host;
                        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                        proxy_set_header X-Forwarded-Proto $scheme;
                        proxy_set_header X-Real-IP $remote_addr;
                }
        }

But I get an error when I restart nginx
In the nginx error.log logs write
invalid number of arguments in "ssl_certificate" directive in /etc/nginx/nginx.conf:251

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Andrey Burov, 2015-08-19
@ms-dred

invalid number of arguments in "ssl_certificate" directive in /etc/nginx/nginx.conf:251

ssl_certificate     $root_path /ssl/private/ssl-bundle.crt;
ssl_certificate_key $root_path /ssl/private/www_site_ru.crt;

You have a space after $root_path