From 53c5ef54579630637912d6205595957913e02b27 Mon Sep 17 00:00:00 2001
From: simonzhangsz
Date: Wed, 10 Jan 2024 11:36:11 +0800
Subject: [PATCH] fix: certs renew
---
 build/etc/nginx/conf.d/omc.conf | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/build/etc/nginx/conf.d/omc.conf b/build/etc/nginx/conf.d/omc.conf
index 5eebc39..35cf64f 100644
--- a/build/etc/nginx/conf.d/omc.conf
+++ b/build/etc/nginx/conf.d/omc.conf
@@ -1,16 +1,22 @@
 server {
- listen 4443 ssl;
- listen [::]:4443 ssl;
- server_name 0.0.0.0;
+ listen 4443 ssl;
+ listen [::]:4443 ssl;
+ server_name 0.0.0.0;
 root /usr/local/omc/htdocs/front/;
 index index.html index.htm;
 server_name localhost;
 # SSL
- ssl_certificate /usr/local/omc/etc/certs/ca_cert.pem;
- ssl_certificate_key /usr/local/omc/etc/certs/private_key.pem;
- #ssl_certificate /usr/local/omc/etc/certs/tsa-omc.pem;
- #ssl_certificate_key /usr/local/omc/etc/certs/tsa-omc_pri.pem;
+ ssl_certificate /usr/local/omc/etc/certs/omc-server.crt;
+ ssl_certificate_key /usr/local/omc/etc/certs/omc-server.key;
+ # CA, 自定义
+ ssl_client_certificate /usr/local/omc/etc/certs/omc-ca.crt;
+ ssl_verify_client on;
+
+ # ssl ciphers
+ ssl_protocols TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+
 # location /api/rest/securityManagement {
 # proxy_pass http://127.0.0.1:5050;
 # }
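Review bot: The new `ssl_protocols TLSv1.1 TLSv1.2;` line still enables TLS 1.1, which RFC 8996 deprecates, and leaves out TLS 1.3; I would change it to `ssl_protocols TLSv1.2 TLSv1.3;` if the deployed nginx/OpenSSL build supports 1.3. The `# ssl ciphers` comment is followed by `ssl_prefer_server_ciphers on;` but no `ssl_ciphers` directive, so the server only prefers whatever default list the build ships with; either add an explicit list or reword the comment. With `ssl_verify_client on;` and no `ssl_crl` visible in the hunk, a client certificate issued under omc-ca.crt cannot be revoked short of replacing the CA, which is worth confirming is intended. The server block continues past the end of the hunk, so directives set further down are not visible here.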