diff options
author | Corey Hulen <corey@hulen.com> | 2016-01-04 08:42:37 -0600 |
---|---|---|
committer | Corey Hulen <corey@hulen.com> | 2016-01-04 08:42:37 -0600 |
commit | 30ea2585bc5d8654a097bb8bae463c37aa597817 (patch) | |
tree | 452dcb4e57ccb68932bb58950a6dac67a53e66f2 /doc/install/Production-Ubuntu.md | |
parent | 8b9f9fb9c1ca384a2174c40b399fe545a7dabc0f (diff) | |
parent | e419d12e231121ff3b75dbfd76e3bc691479d83e (diff) | |
download | chat-30ea2585bc5d8654a097bb8bae463c37aa597817.tar.gz chat-30ea2585bc5d8654a097bb8bae463c37aa597817.tar.bz2 chat-30ea2585bc5d8654a097bb8bae463c37aa597817.zip |
Merge pull request #1788 from hjf288/GIT-1682
GIT-1682: Complete the SSL configuration section of the documentation…
Diffstat (limited to 'doc/install/Production-Ubuntu.md')
-rw-r--r-- | doc/install/Production-Ubuntu.md | 71 |
1 files changed, 41 insertions, 30 deletions
diff --git a/doc/install/Production-Ubuntu.md b/doc/install/Production-Ubuntu.md index da3487f45..e3f91f2a1 100644 --- a/doc/install/Production-Ubuntu.md +++ b/doc/install/Production-Ubuntu.md @@ -107,19 +107,20 @@ exec bin/platform * Below is a sample configuration with the minimum settings required to configure Mattermost ``` server { - server_name mattermost.example.com; + server_name mattermost.example.com; + location / { - client_max_body_size 50M; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Frame-Options SAMEORIGIN; - proxy_pass http://10.10.10.2:8065; + client_max_body_size 50M; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Frame-Options SAMEORIGIN; + proxy_pass http://10.10.10.2:8065; } - } + } ``` * Remove the existing file with * ``` sudo rm /etc/nginx/sites-enabled/default``` @@ -151,29 +152,39 @@ exec bin/platform 4. Modify the file at `/etc/nginx/sites-available/mattermost` and add the following lines: ``` server { - listen 80; - server_name mattermost.example.com; - return 301 https://$server_name$request_uri; + listen 80; + server_name mattermost.example.com; + return 301 https://$server_name$request_uri; } server { - listen 443 ssl; - server_name mattermost.example.com; - - ssl on; - ssl_certificate /home/ubuntu/cert/mattermost.crt; - ssl_certificate_key /home/ubuntu/cert/mattermost.key; - ssl_dhparam /home/ubuntu/cert/dhparam.pem; - ssl_session_timeout 5m; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:10m; + listen 443 ssl; + server_name mattermost.example.com; + + ssl on; + ssl_certificate /home/ubuntu/cert/mattermost.crt; + ssl_certificate_key /home/ubuntu/cert/mattermost.key; + ssl_dhparam /home/ubuntu/cert/dhparam.pem; + ssl_session_timeout 5m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; - # add to location / above - location / { - gzip off; - proxy_set_header X-Forwarded-Ssl on; + location / { + gzip off; + proxy_set_header X-Forwarded-Ssl on; + client_max_body_size 50M; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Frame-Options SAMEORIGIN; + proxy_pass http://10.10.10.2:8065; + } + } ``` |