I created an SSL certificate on Cloudflare for my Nginx server. Then I created a folder called /etc/Cloudflare-ssl
Copied the .key and .pem files from Cloudflare via the following commands.
sudo nano /etc/Cloudflare-ssl/my-certificate.pem
sudo nano /etc/Cloudflare-ssl/private.key
And then added the necessary lines to the nginx configuration. I set “Full (Strict) SSL” on Cloudflare.
Now everything looks good. I can access my blog over HTTPS.
But I want to ask: the permissions of these .key and .pem files are 644 by default. Should I change them for security reasons?
Do other people have access to your server? Generally only the user under which the webserver is running would need access to these files.
No, only I can access my server.
In that case it might not be too much of an issue, but if you want to prevent any other application/user from accessing the files you could certainly lock it down. You just need to make sure the files are accessible to the webserver user.
EDITED: So, there is no additional user and no issue with that.
I added the lines below to my nginx configuration:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Do you recommend that?
By user I was referring to system users under which any other application might be running. It really comes down to how your machine is set up.
I also activated Authenticated Origin Pulls for more security.
And you verify the client certificate on your side too?
If you mean that, yes, I implemented it for nginx.
And also reloaded nginx.
Alright, then you are set. Was just asking as there would be little point in making Cloudflare authenticate itself without checking that authentication.
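For the 644 permission question raised earlier in this thread, one way to check and lock down the private key, as an added example that is not from any poster in the thread. It assumes GNU stat on Linux and that the key stays owned by the account nginx reads it as (typically root, since nginx is normally started as root); the function names and the file created in demo() are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on a TLS private key.
# Assumes GNU stat (Linux). The file used in demo() is a constructed sample.

# Return 0 if group/other have no permission bits, 1 if they do, 2 if missing.
key_is_private() {
    [ -f "$1" ] || return 2
    mode=$(stat -c '%a' "$1")            # octal mode, e.g. 644
    [ $(( 0$mode & 077 )) -eq 0 ]        # mask the group and other bits
}

# Print one finding line: status, octal mode, owner, path.
audit_key() {
    key_is_private "$1" && rc=0 || rc=$?
    case "$rc" in
        0) echo "OK      $(stat -c '%a %U' "$1") $1" ;;
        1) echo "EXPOSED $(stat -c '%a %U' "$1") $1" ;;
        *) echo "MISSING - - $1" ;;
    esac
}

# Restrict the key to owner read/write, then confirm the change took effect.
# The certificate (.pem) is public and can stay world-readable.
harden_key() {
    chmod 600 "$1" && key_is_private "$1"
}

# Reproduce the situation from the thread on a throwaway file.
demo() {
    dir=$(mktemp -d)
    : > "$dir/private.key"
    chmod 644 "$dir/private.key"         # the default mode described above
    audit_key "$dir/private.key"
    harden_key "$dir/private.key"
    audit_key "$dir/private.key"
    rm -rf "$dir"
}

demo
```

On a real server, run audit_key against the key path first, apply harden_key with sudo, then run nginx -t and reload to confirm nginx can still read the key.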