nginx ์„ค์ • ssl ์˜ค๋ฅ˜

1351 ๋‹จ์–ด ๋‚œ์žก ํ•˜ ๋‹ค
1. ์˜ค๋ฅ˜ ์ •๋ณด
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/vhost/api.conf:16

2. ๋ฌธ์ œ ๋ถ„์„
์ƒ๊ธฐ ์˜ค๋ฅ˜ ๊ฐ€ ๋ฐœ์ƒ ํ•˜ ๋Š” ๊ณผ์ • ์€ ๋‚ด ๊ฐ€ nginx ๋ฅผ ์ƒˆ๋กœ์šด ๊ธฐ๊ณ„ ๋กœ ์˜ฎ ๊ธฐ ๋Š” ๊ฒƒ ์ด๋‹ค. ์ƒˆ๋กœ์šด ๊ธฐ๊ณ„ ์˜ nginx ๋ฒ„ ์ „ ์€ 1.15.8 ์ด ๊ณ  ๋‚ก์€ ๊ธฐ๊ณ„ ์˜ ๋ฒ„ ์ „ ์€ 1.12.0 ์ด๋‹ค.์‚ฌ์‹ค ์˜ค๋ฅ˜ ๋ฉ”์‹œ์ง€ ๋„ ๋šœ๋ ท ํ•ฉ ๋‹ˆ ๋‹ค. ssl ์„ ์ถ”์ฒœ ํ•˜์ง€ ์•Š ๊ณ  listen ์„ ์‚ฌ์šฉ ํ•ฉ ๋‹ˆ ๋‹ค. ssl ์€ ๊ด€๋ จ ๊ฒŒ์‹œ ๋ฌผ ์„ ๋ณด ์•˜ ์Šต ๋‹ˆ ๋‹ค. 1.15 ์ดํ›„ ๋ฒ„ ์ „ ์€ ๋ชจ๋‘ listen. ssl ์„ ์ถ”์ฒœ ํ•ฉ ๋‹ˆ ๋‹ค.
3. ์„ค์ • ์ˆ˜์ •
์‚ฌ์‹ค์€ ๊ธฐ ์กด์˜ ssl on ์„ค์ • ์ • ๋ณด ๋ฅผ ์—† ์• ๊ณ  listen 443 ssl ๋กœ ๋Œ€์ฒด ํ•˜๋ฉด ๋ฉ ๋‹ˆ ๋‹ค.
server {
	#listen 443;       ๏ผŒ    
	listen 443 ssl;
	server_name xxx.xxxx.com;

	#ssl on;        
	index index.html;
	ssl_certificate   /usr/local/nginx/cert/api/xxx.pem;
	ssl_certificate_key  /usr/local/nginx/cert/api/xxx.key;
	ssl_session_timeout 5m;
	ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;

	location / {
	proxy_set_header  X-Forwarded-Host $host;
	proxy_set_header  X-Forwarded-Proto $scheme;
	proxy_set_header  X-Real-IP  $remote_addr;
	proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $http_host;
	proxy_redirect off;
	expires off;
	sendfile off;
	proxy_pass http://xxx.xxx.com;
      }
}

4, ๋‹ค์‹œ ๋กœ๋“œ ์„ค์ •
nginx ์˜ sbin ๋”” ๋ ‰ ํ„ฐ ๋ฆฌ ์—์„œ ์‹คํ–‰ ํ•ฉ ๋‹ˆ ๋‹ค. / nginx - s reload

์ข‹์€ ์›นํŽ˜์ด์ง€ ์ฆ๊ฒจ์ฐพ๊ธฐ