Nginx on VPN

Configure server with OpenVPN and CA

Install OpenVPN

sudo apt install nginx

nginx config

sudo vi /etc/nginx/sites-av.../default

server {
    listen 10.8.0.1:443 ssl;
    # server_name _;  # You can omit this line or use '_'

    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

    # SSL settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_session_tickets off;

    # Add Diffie-Hellman parameter for DHE ciphersuites
    ssl_dhparam /etc/ssl/certs/dhparam.pem;


    # Add security headers
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options DENY;
    add_header X-XSS-Protection "1; mode=block";

    # Reverse proxy settings
    location / {
        proxy_pass http://<SERVER_B_IP>:80;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

SSL Certs

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout /etc/ssl/private/nginx-selfsigned.key \
  -out /etc/ssl/certs/nginx-selfsigned.crt \
  -subj "/CN=10.8.0.1"

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

sudo nginx -t
sudo systemctl reload nginx

1.5 KiB Raw Blame History

Nginx on VPN

Install OpenVPN

nginx config

SSL Certs

1.5 KiB

Raw Blame History