Skip to content

Commit 11393e2

Browse files
TackticianTacktician
committed
fixed SSL Lab
1 parent e688c26 commit 11393e2

File tree

1 file changed

+10
-10
lines changed

1 file changed

+10
-10
lines changed

nginxCore.html

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1538,7 +1538,7 @@ <h3>Elliptic Curves</h3>
15381538
</section>
15391539

15401540
<section data-state="lab">
1541-
<h3>Lab 4: SSL Certs</h3>
1541+
<h3>Lab 4.1: SSL Certs</h3>
15421542
<ol>
15431543
<li>Create a directory for your certificates and key signatures</li>
15441544
<pre><code class="linux" data-trim contenteditable>
@@ -1557,11 +1557,10 @@ <h3>Lab 4: SSL Certs</h3>
15571557
<section data-state="lab">
15581558
<h3>Lab 4.2: Configure SSL Parameters</h3>
15591559
<ol>
1560-
<li>In conf.d, create and add the following to a new file called <pre style="display:inline; color:rgb(240,168,40);"><span style="font-size: 30px;">ssl.params.conf</span></pre></li>
1560+
<li>In the new <pre style="display:inline; color:rgb(240,168,40);"><span style="font-size: 30px;">ssl</span></pre> directory, create and add the following to a new file called <pre style="display:inline; color:rgb(240,168,40);"><span style="font-size: 30px;">ssl.params.conf</span></pre></li>
15611561
<pre><code class="linux" data-trim contenteditable>
15621562
ssl_certificate /etc/nginx/ssl/nginx.crt; 
15631563
ssl_certificate_key /etc/nginx/ssl/nginx.key;
1564-
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
15651564

15661565
ssl_protocols TLSv1.2;
15671566
ssl_ciphers "AES256+EECDH:AES256+EDH:!aNULL";
@@ -1570,8 +1569,7 @@ <h3>Lab 4.2: Configure SSL Parameters</h3>
15701569
ssl_session_cache shared:SSL:10m;
15711570
ssl_session_timeout 10m;
15721571
ssl_session_tickets off;
1573-
ssl_stapling on;
1574-
ssl_stapling_verify on;
1572+
15751573
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
15761574
add_header X-Frame-Options DENY;
15771575
add_header X-Content-Type-Options nosniff;
@@ -1586,9 +1584,9 @@ <h3>Lab 4.2: Configure SSL Parameters</h3>
15861584
</section>
15871585

15881586
<section data-state="lab">
1589-
<h3>Lab 4.5: Configure HTTPS</h3>
1587+
<h3>Lab 4.3: Configure HTTPS</h3>
15901588
<ol>
1591-
<li>Save and open <pre style="display:inline; color:rgb(240,168,40);"><span style="font-size: 30px;">main.conf</span></pre></li>
1589+
<li>Save and open <pre style="display:inline; color:rgb(240,168,40);"><span style="font-size: 30px;">server1.conf</span></pre></li>
15921590
<li>Add a new <pre style="display:inline; color:rgb(240,168,40);"><span style="font-size: 30px;">return</span></pre> directive in the <pre style="display:inline; color:rgb(240,168,40);"><span style="font-size: 30px;">server</span></pre> context that redirects all traffic to <pre style="display:inline; color:rgb(240,168,40);"><span style="font-size: 30px;">https</span></pre></li>
15931591
<pre><code class="linux" data-trim contenteditable>
15941592
server {
@@ -1598,11 +1596,11 @@ <h3>Lab 4.5: Configure HTTPS</h3>
15981596
}
15991597

16001598
</code></pre>
1601-
<li>Add another <pre style="display:inline; color:rgb(240,168,40);"><span style="font-size: 30px;">server</span></pre> listening on <pre style="display:inline; color:rgb(240,168,40);"><span style="font-size: 30px;">433</span></pre>, using <pre style="display:inline; color:rgb(240,168,40);"><span style="font-size: 30px;">ssl</span></pre> and includes <pre style="display:inline; color:rgb(240,168,40);"><span style="font-size: 30px;">ssl.params.conf</span></pre></li>
1599+
<li>Add another <pre style="display:inline; color:rgb(240,168,40);"><span style="font-size: 30px;">server</span></pre> context that listens on <pre style="display:inline; color:rgb(240,168,40);"><span style="font-size: 30px;">433</span></pre>, enables <pre style="display:inline; color:rgb(240,168,40);"><span style="font-size: 30px;">ssl</span></pre>, and includes <pre style="display:inline; color:rgb(240,168,40);"><span style="font-size: 30px;">ssl.params.conf</span></pre></li>
16021600
<pre><code class="linux" data-trim contenteditable>
16031601
server {
16041602
listen 443 ssl;
1605-
include /etc/nginx/conf.d/ssl.params.conf;
1603+
include /etc/nginx/ssl/ssl.params.conf;
16061604
}
16071605
}
16081606
</code></pre>
@@ -1632,12 +1630,13 @@ <h3>Lab 4.5: Configure HTTPS</h3>
16321630
</section>
16331631

16341632
<section data-state="lab">
1635-
<h3>Lab 4.8: Test on SSL Labs.com</h3>
1633+
<h3>Lab 4.4: Test on SSL Labs.com</h3>
16361634
<div style="float:left;width:50%;padding-right:0px;">
16371635
<ol>
16381636
<li>Save and <pre style="display:inline; color:rgb(240,168,40);"><span style="font-size: 30px;">reload</span></pre> NGINX</li>
16391637
<li>Test your site on <a href="https://www.ssllabs.com/ssltest/" target="_blank">SSL Labs.com</a></li>
16401638
<li>Share your results with the class</li>
1639+
<li>You should receive a "T" rating</li>
16411640
</ol>
16421641
</div>
16431642

@@ -1647,6 +1646,7 @@ <h3>Lab 4.8: Test on SSL Labs.com</h3>
16471646

16481647
<aside class ="notes">
16491648
<ol>
1649+
<li>You should recieve a rating of "T," because we're using self-signed certificates (below the T rating in small print should tell you your score if all trust issues are resolved)</li>
16501650
</ol>
16511651
</aside>
16521652
</section>

0 commit comments

Comments
 (0)