TASSTA Documentation Center TASSTA Documentation Center More products
Hide table of contents Hide details Search My account

Proxy

To configure the proxy, first сoncatenate the SSL certificate and Intermediate CA certificate into a single file. For that, use the cat command. Example:

cat ssl_certificate.crt IntermediateCA.crt >> certbundle.pem

The contents of the resulting file will look similar to the following:

ssl_certificate /usr/local/tassta/cert/certbundle.pem;
ssl_certificate_key /usr/local/tassta/cert/star_tassta_com.key;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

ssl_stapling on;
ssl_stapling_verify on;

Make sure the proxy is updated:

echo "deb http://nginx.org/packages/debian/ stretch nginx" | tee -a /etc/apt/sources.list.d/nginx.list
echo "deb-src http://nginx.org/packages/debian/ stretch nginx" | tee -a /etc/apt/sources.list.d/nginx.list
wget http://nginx.org/keys/nginx_signing.key
apt-key add nginx_signing.key
apt-get update
/etc/nginx/sites-enabled/default ~/
apt-get remove nginx* --purge
apt-get install nginx-common
apt-get install nginx
cp ~/default /etc/nginx/conf.d/default.cfg
nginx start
nginx -T