Mudanças entre as edições de "SSL no Gandi"

De MochilaWiki
Ir para navegaçãoIr para pesquisar
Linha 40: Linha 40:
 
* https://fak3r.com/2014/08/04/howto-serve-gandi-ssl-certs-in-nginx/
 
* https://fak3r.com/2014/08/04/howto-serve-gandi-ssl-certs-in-nginx/
 
* http://charlieharvey.org.uk/page/gandi_sha2_intermediate_cert_ssl_tls
 
* http://charlieharvey.org.uk/page/gandi_sha2_intermediate_cert_ssl_tls
 +
 +
no nginx ficou assim
 +
 +
<source lang="nginx">*
 +
    server {
 +
        listen          80;
 +
        server_name quijaua.me www.quijaua.me;
 +
        access_log  /var/log/nginx/iredmail-access.log;
 +
        error_log  /var/log/nginx/iredmail-error.log info;
 +
 +
        location / {
 +
                rewrite ^ https://quijaua.me/mail permanent;
 +
        }
 +
    location ~ \.php$ {
 +
            fastcgi_pass  127.0.0.1:9000;
 +
            fastcgi_index  index.php;
 +
            include fastcgi_params;
 +
            fastcgi_param SCRIPT_FILENAME /usr/share/apache2/roundcubemail$fastcgi_script_name;
 +
    }
 +
 +
}
 +
 +
server {
 +
    listen      443;
 +
    server_name  quijaua.me;
 +
 +
    location / {
 +
        root  /usr/share/apache2/;
 +
        index  index.php index.html;
 +
    }
 +
    location ~ \.php$ {
 +
        root            /usr/share/apache2;
 +
        include        fastcgi_params;
 +
        fastcgi_pass    127.0.0.1:9000;
 +
        fastcgi_index  index.php;
 +
        fastcgi_param  SCRIPT_FILENAME /usr/share/apache2$fastcgi_script_name;
 +
        fastcgi_param  SERVER_NAME $http_host;
 +
        fastcgi_ignore_client_abort on;
 +
    }
 +
    ssl                  on;
 +
    ssl_certificate    /etc/nginx/ssl/quijaua-me.crt22;
 +
    ssl_certificate_key  /etc/nginx/ssl/priv/myserver.key;
 +
 +
}
 +
</source>

Edição das 00h25min de 5 de dezembro de 2015

  1. Autentique no painel
  2. clique em SSL
  3. selecione o dominio
  4. clique em get
  5. copie o conteúdo e salve num arquivo com o nome nuevo.crt
wget https://www.gandi.net/static/CAs/GandiStandardSSLCA.pem
cat nuevo.crt GandiStandardSSLCA.pem > quijaua-me.crt
mkdir /etc/nginx/ssl/
mv quijaua-me.crt /etc/nginx/ssl/

referencias:

2015

com base em

conforme

faltou

usar sha2

documentação atual

no nginx ficou assim

*
    server {
        listen          80;
        server_name quijaua.me www.quijaua.me;
        access_log   /var/log/nginx/iredmail-access.log;
        error_log  /var/log/nginx/iredmail-error.log info;

        location / {
                rewrite ^ https://quijaua.me/mail permanent;
        }
    location ~ \.php$ {
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME /usr/share/apache2/roundcubemail$fastcgi_script_name;
    }

}

server {
    listen       443;
    server_name  quijaua.me;

    location / {
        root   /usr/share/apache2/;
        index  index.php index.html;
    }
     location ~ \.php$ {
        root            /usr/share/apache2;
        include         fastcgi_params;
        fastcgi_pass    127.0.0.1:9000;
        fastcgi_index   index.php;
        fastcgi_param   SCRIPT_FILENAME /usr/share/apache2$fastcgi_script_name;
        fastcgi_param   SERVER_NAME $http_host;
        fastcgi_ignore_client_abort on;
    }
    ssl                  on;
    ssl_certificate     /etc/nginx/ssl/quijaua-me.crt22;
    ssl_certificate_key  /etc/nginx/ssl/priv/myserver.key;

}