fix: certs renew

2024-01-10 11:36:11 +08:00
parent 3fd8d21e2c
commit 53c5ef5457
1 changed files with 13 additions and 7 deletions
--- a/build/etc/nginx/conf.d/omc.conf
+++ b/build/etc/nginx/conf.d/omc.conf
@@ -6,10 +6,16 @@ server {
    index index.html index.htm;
    server_name localhost;
    # SSL
-    ssl_certificate                    /usr/local/omc/etc/certs/ca_cert.pem;
-    ssl_certificate_key                /usr/local/omc/etc/certs/private_key.pem;
-    #ssl_certificate                    /usr/local/omc/etc/certs/tsa-omc.pem;
-    #ssl_certificate_key                /usr/local/omc/etc/certs/tsa-omc_pri.pem;
+    ssl_certificate                 /usr/local/omc/etc/certs/omc-server.crt;
+    ssl_certificate_key             /usr/local/omc/etc/certs/omc-server.key;
+    
+    # CA, 自定义
+    ssl_client_certificate          /usr/local/omc/etc/certs/omc-ca.crt;
+    ssl_verify_client on;
+  
+    # ssl ciphers
+    ssl_protocols TLSv1.1 TLSv1.2;
+    ssl_prefer_server_ciphers on;

 #    location /api/rest/securityManagement {
 #        proxy_pass                         http://127.0.0.1:5050;