Proxy
To configure the proxy, first сoncatenate the SSL certificate and Intermediate CA certificate into a single file. For that, use the cat command. Example:
cat ssl_certificate.crt IntermediateCA.crt >> certbundle.pem
The contents of the resulting file will look similar to the following:
ssl_certificate /usr/local/tassta/cert/certbundle.pem;
ssl_certificate_key /usr/local/tassta/cert/star_tassta_com.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_stapling on;
ssl_stapling_verify on;
Make sure the proxy is updated:
echo "deb http://nginx.org/packages/debian/ stretch nginx" | tee -a /etc/apt/sources.list.d/nginx.list
echo "deb-src http://nginx.org/packages/debian/ stretch nginx" | tee -a /etc/apt/sources.list.d/nginx.list
wget http://nginx.org/keys/nginx_signing.key
apt-key add nginx_signing.key
apt-get update
/etc/nginx/sites-enabled/default ~/
apt-get remove nginx* --purge
apt-get install nginx-common
apt-get install nginx
cp ~/default /etc/nginx/conf.d/default.cfg
nginx start
nginx -T