LINUX.ORG.RU

Setting up BigBlueButton, need help with certificates

So, the system is configured and starts up; my task now is to get all of this working over HTTPS.

Configure nginx to use HTTPS

Depending on your certificate authority (CA), you should now have 2 or more files, as follows:

  • Certificate
  • Private key
  • Intermediate certificate (there may be more than one, or could be none)

The next step is to install the files on the server.

Create the directory /etc/nginx/ssl:

# mkdir /etc/nginx/ssl

And now create the private key file for nginx to use (replace the hostname in the filename with your own). In addition, fix the permissions so that only root can read the private key:

# cat >/etc/nginx/ssl/bigbluebutton.example.com.key <<'END'
Paste the contents of your key file here
END
# chmod 0600 /etc/nginx/ssl/bigbluebutton.example.com.key

And the certificate file. Note that nginx needs your server certificate and the list of intermediate certificates together in one file (replace the hostname in the filename with your own):

# cat >/etc/nginx/ssl/bigbluebutton.example.com.crt <<'END'
Paste (in order) the contents of the following files:
  1. The signed certificate from the CA
  2. In order, each intermediate certificate provided by the CA (but do not include the root).
END

In addition, we’ll generate a set of 2048-bit Diffie-Hellman parameters to improve security for some types of ciphers. This step can take several minutes to complete, particularly if run on a virtual machine.

# openssl dhparam -out /etc/nginx/ssl/dhp-2048.pem 2048

Now we can edit the nginx configuration to use SSL. Edit the file /etc/nginx/sites-available/bigbluebutton to add the marked lines. Ensure that you’re using the correct filenames to match the certificate and key files you created above.

server {
  server_name bigbluebutton.example.com;
  listen 80;
  listen [::]:80;
  listen 443 ssl;
  listen [::]:443 ssl;

  ssl_certificate /etc/nginx/ssl/bigbluebutton.example.com.crt;
  ssl_certificate_key /etc/nginx/ssl/bigbluebutton.example.com.key;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 10m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!AES256";
  ssl_prefer_server_ciphers on;
  ssl_dhparam /etc/nginx/ssl/dhp-2048.pem;
  
For reference, note that the SSL settings used above are based on those proposed in https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ and provide support for all modern browsers (including IE8, but not IE6, on Windows XP). Please note that recommended SSL settings are subject to change as new vulnerabilities are found.

This mentions:

  • Certificate
  • Private key
  • Intermediate certificate (there may be more than one, or could be none)

How do I generate these keys and certificates? Any will do, even ones not backed by a certificate authority; for now I just need to get the system running with a working microphone.

The full text of the setup guide is here: http://docs.bigbluebutton.org/install/install.html

openssl genrsa 1024 > host.key

chmod 400 host.key

openssl req -new -x509 -nodes -sha1 -days 365 -key host.key -out host.cert

Shulman ()
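
An added example, not part of the posts above or of the BigBlueButton guide: a shell function that writes a self-signed test certificate and key under the file names the quoted nginx configuration expects, then checks that the two belong together. The function names make_test_cert and cert_matches_key, the default directory argument and the choice of a 2048-bit RSA key with SHA-256 and a subjectAltName are assumptions of this example; `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: self-signed test certificate for nginx (no CA involved).
# make_test_cert and cert_matches_key are hypothetical helper names.

# Usage: make_test_cert <hostname> [directory]
make_test_cert() {
    host=$1
    dir=${2:-/etc/nginx/ssl}
    key="$dir/$host.key"
    crt="$dir/$host.crt"

    mkdir -p "$dir" || return 1

    # Create the key under a restrictive umask so it is never readable by
    # other users, even briefly; the subshell keeps the umask change local.
    ( umask 077 && openssl genrsa -out "$key" 2048 2>/dev/null ) || return 1
    chmod 0600 "$key"

    # Self-signed certificate: SHA-256 signature, valid 365 days, with a
    # subjectAltName, which is the field browsers match the hostname against.
    openssl req -new -x509 -sha256 -days 365 -key "$key" -out "$crt" \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host" || return 1

    cert_matches_key "$crt" "$key"
}

# Succeeds only if the public key inside the certificate is the one derived
# from the private key. A mismatched pair makes nginx fail at startup.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    k=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}
```

Run as root, `make_test_cert bigbluebutton.example.com` produces the two files named in the quoted server block. Browsers will still show a warning for this certificate because no CA signed it, and there is no intermediate certificate to append.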