SSL Setup for AtoM2.5 with Nginx Web Server


Maximilian

Mar 14, 2020, 6:20:28 PM
to AtoM Users
I have set up AtoM with Nginx under Linux - Ubuntu 18.04

1. What setup is required under the Nginx web server?

2. The installation is under AWS; can I use the cert issued by AWS or do I need to buy one?



David Hume

Mar 16, 2020, 6:00:54 PM
to AtoM Users


Hi Maximilian,

You very well might be able to use the certificate issued by AWS if it is configured for your site name.

A variation that should work, similar to what is described at https://www.accesstomemory.org/en/docs/2.5/admin-manual/installation/linux/ubuntu-bionic/#web-server, but like this:

# Plain-HTTP listener: redirect every request to the HTTPS site
server {
  listen 80;
  server_name archives.foobar.com;
  return 301 https://archives.foobar.com$request_uri;
}

# HTTPS listener serving AtoM
server {
  listen 443 ssl;
  root /usr/share/nginx/atom;
  server_name archives.foobar.com;

  # Redundant with "listen 443 ssl" above; deprecated since nginx 1.15.0
  ssl on;
  # Certificate (with any intermediate chain) and its matching private key
  ssl_certificate /etc/ssl/private/foobar/aws-foobar.crt;
  ssl_certificate_key /etc/ssl/private/foobar/aws-foobar.key;
  # Session resumption: shared cache across workers, 5 minute lifetime
  ssl_session_timeout 5m;
  ssl_session_cache shared:SSL:50m;
  ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
  # Use the server's cipher order rather than the client's
  ssl_prefer_server_ciphers on;

  client_max_body_size 72M;

  # (( rest the same as outlined in the documentation ))
}


If the AWS certificate doesn't work out, you could buy one or set up a free one like Let's Encrypt (https://letsencrypt.org/)

Please let us all know here how it goes or if you have any more questions.


Regards,

    Dave Hume, Artefactual Systems Administrator
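
A quick static review of a TLS server block like the one posted above, as an added example that is not part of the original post or the AtoM documentation. The `LEGACY` policy and the function names are assumptions of this example, and the sample abbreviates the long cipher list to a few representative tokens.

```python
import re

# Constructed sample: the HTTPS block from the post, cipher list abbreviated
SAMPLE = """
server {
  listen 443 ssl;
  server_name archives.foobar.com;
  ssl on;
  ssl_certificate /etc/ssl/private/foobar/aws-foobar.crt;
  ssl_certificate_key /etc/ssl/private/foobar/aws-foobar.key;
  ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!RC4:!MD5';
  ssl_prefer_server_ciphers on;
}
"""

# Hypothetical review policy (an assumption): first matching pattern wins
LEGACY = [
    (r"RC4|MD5|NULL|EXPORT", "broken primitive"),
    (r"^DES-CBC3|3DES", "3DES (64-bit block cipher)"),
    (r"^(AES|CAMELLIA)$", "broad alias, also enables CBC and static-RSA suites"),
    (r"-SHA$", "CBC-mode suite with SHA-1 MAC"),
    (r"^(AES|CAMELLIA)\d", "static RSA key exchange, no forward secrecy"),
]

def directives(conf):
    """Return {name: [args, ...]} for simple 'name args;' directives."""
    out = {}
    for name, args in re.findall(r"\b([a-z_]+)\s+([^;{}]+);", re.sub(r"#.*", "", conf)):
        out.setdefault(name, []).append(args.strip().strip("'\""))
    return out

def audit(conf):
    d, findings = directives(conf), []
    if "on" in d.get("ssl", []):
        findings.append("ssl on: deprecated since nginx 1.15.0; 'listen 443 ssl' is enough")
    if "ssl_protocols" not in d:
        findings.append("ssl_protocols not set: version default applies (TLSv1/1.1 on older nginx)")
    for token in ":".join(d.get("ssl_ciphers", [])).split(":"):
        if not token or token[0] in "!-+":  # exclusions/reorders enable nothing
            continue
        for pat, why in LEGACY:
            if re.search(pat, token):
                findings.append(f"ssl_ciphers enables {token}: {why}")
                break
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run it against the output of `nginx -T` (or a single site file) by passing that text to `audit()`; an empty list means none of the checks in this example fired.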