*****
Nginx
*****

How To Build Nginx on Ubuntu 12.04
==================================

.. literalinclude:: build_nginx.sh
   :language: bash
   :linenos:

:download:`build_nginx.sh`

From: http://www.letseehere.com/reverse-proxy-web-sockets

Installing StartCOM SSL Certificates
====================================

http://blurringexistence.net/index.php?url=archives/5-nginx-and-StartSSL.html

Get all relevant certs::

    mkdir capath
    cd capath
    wget http://www.startssl.com/certs/ca.pem
    wget http://www.startssl.com/certs/sub.class1.server.ca.pem
    wget http://www.startssl.com/certs/sub.class2.server.ca.pem

Generate certificate (:download:`ssl_cert_helper`)::

    wget http://blag.felixhummel.de/_downloads/ssl_cert_helper
    chmod +x ssl_cert_helper
    ./ssl_cert_helper

Verify locally::

    # -CApath only finds CA files named by subject hash; run "c_rehash capath/" first
    openssl verify -CApath capath/ jacob-consulting.de/cert

Verify remotely::

    openssl s_client -connect example.org:443

Disabling SSLv3 against Poodle
==============================

This must return a handshake error::

    echo 'GET /' | openssl s_client -quiet -connect $domain:443 -ssl3

And here's the config snippet for nginx::

    # https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";

Links
=====

- http://nginx.org/
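
A static companion to the handshake test in "Disabling SSLv3 against Poodle": the script below is an added example, not part of the original page, that scans nginx configuration text for ``ssl_protocols`` directives that still list SSLv2 or SSLv3. The function name ``audit_ssl_protocols``, its exit codes and the sample config are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): audit nginx config text for
# SSLv2/SSLv3 in ssl_protocols. Function name and exit codes are hypothetical.
#   0 = every ssl_protocols directive excludes SSLv2/SSLv3
#   1 = at least one directive enables SSLv2 or SSLv3
#   2 = no directive found, so the nginx version default applies
#       (before nginx 1.9.1 that default still included SSLv3)
audit_ssl_protocols() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        /(^|[ \t;{])ssl_protocols([ \t]|$)/ { collecting = 1; buf = "" }
        collecting {
            buf = buf " " $0                    # a directive may span lines
            if (index($0, ";")) {               # directive ends at ";"
                collecting = 0; seen++
                sub(/.*ssl_protocols/, "", buf); sub(/;.*/, "", buf)
                gsub(/[ \t]+/, " ", buf)
                verdict = "ok  "
                if (buf ~ /(^|[ \t])SSLv[23]([ \t]|$)/) { verdict = "FAIL"; bad++ }
                printf "%s line %d: ssl_protocols%s\n", verdict, NR, buf
            }
        }
        END {
            if (!seen) { print "WARN no ssl_protocols directive found"; exit 2 }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample: one hardened server block, one that re-enables SSLv3.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   # hardened, as on this page
}
server {
    listen 8443 ssl;
    # ssl_protocols TLSv1.2;               (commented out, ignored)
    ssl_protocols SSLv3 TLSv1
                  TLSv1.1 TLSv1.2;
}
EOF
audit_ssl_protocols "$sample" || echo "audit exit code: $?"
rm -f "$sample"
```

The reported line number is the line on which the directive ends. The check reads one file and does not follow ``include`` directives, so run it against every included file as well.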