RedashはNginxでプロキシしてrd_serversが動いているので、
ささっとベーシックとSSL化してみました。
■/etc/nginx/conf.d/redash.conf
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 |
upstream rd_servers { server 127.0.0.1:5000; } server { listen 80 default; return 301 https://redash.adachin.com/; } server { server_tokens off; listen 443 ssl; ssl on; ssl_certificate /etc/letsencrypt/live/redash.adachin.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/redash.adachin.com/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; access_log /var/log/nginx/rdssl.access.log; gzip on; gzip_types *; gzip_proxied any; location / { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://rd_servers; proxy_redirect off; satisfy any; allow xxx.xxxx.xxxx.xxxx; allow xxx.xxxx.xxxx.xxxx; allow xxx.xxxx.xxxx.xxxx; deny all; auth_basic "Restricted"; auth_basic_user_file /etc/nginx/.htpasswd; } } |
■まとめ
「公式を嫁!」
あとでH2Oにしてみよう。
↓やった。
参考
https://redash.io/help-onpremise/setup/ssl-https-setup.html
0件のコメント