mirror of
https://github.com/dyzulk/trustlab-docs.git
synced 2026-01-26 21:41:54 +07:00
53 lines
1.2 KiB
Plaintext
53 lines
1.2 KiB
Plaintext
# Web Server Configuration
|
|
|
|
Configuring SSL/TLS on internal web servers is the most common use case for TrustLab.
|
|
|
|
## Nginx Configuration
|
|
|
|
Ensure you have downloaded the **PEM** format bundle (contains `.crt` and `.key`).
|
|
|
|
```nginx
|
|
server {
|
|
listen 80;
|
|
server_name internal.app;
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name internal.app;
|
|
|
|
# SSL Configuration
|
|
ssl_certificate /path/to/internal.app.crt;
|
|
ssl_certificate_key /path/to/internal.app.key;
|
|
|
|
# Recommended Security Settings
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
ssl_prefer_server_ciphers on;
|
|
}
|
|
```
|
|
|
|
## Apache (httpd)
|
|
|
|
```apache
|
|
<VirtualHost *:443>
|
|
ServerName internal.app
|
|
SSLEngine on
|
|
SSLCertificateFile "/path/to/internal.app.crt"
|
|
SSLCertificateKeyFile "/path/to/internal.app.key"
|
|
</VirtualHost>
|
|
```
|
|
|
|
## IIS (Windows Server)
|
|
|
|
For IIS, you must use the **PFX** format.
|
|
|
|
1. Open **IIS Manager**.
|
|
2. Select the server node.
|
|
3. Open **Server Certificates**.
|
|
4. Click **Import** in the actions pane.
|
|
5. Select your `.pfx` file and enter the password.
|
|
6. Go to your Site -> **Bindings**.
|
|
7. Add **https** binding and select the imported certificate.
|