Set up HTTPS Service with Nginx

After synchronizing the repositories, set up the HTTPS service with Nginx.

Configure Nginx

Open the /etc/nginx/nginx.conf file and configure Nginx. Here is a sample configuration for reference. You can adjust the configuration according to your environment:

Note: The following configuration has been updated for VMware Telco Cloud Automation version 1.9.5.1. To use this configuration, ensure that you upgrade your VMware Telco Cloud Automation to version 1.9.5.1 or later.

user nobody nogroup;
worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;

    keepalive_timeout  65;

# Settings for a TLS enabled server.
    server {
        listen 443 ssl http2 default_server;
        server_name <replace-with-custom-FQDN>;
        root /photon-reps;
        ssl_certificate "/etc/docker/certs.d/<replace-with-custom-FQDN>[:8043]/<replace-with-custom-FQDN>.cert";
        ssl_certificate_key "/etc/docker/certs.d/<replace-with-custom-FQDN>[:8043]/<replace-with-custom-FQDN>.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 10m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:ECDH-RSA-AES256-SHA:AES256-SHA:AES128-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-SHA256:AES128-GCM-SHA256;
        ssl_prefer_server_ciphers on;
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
        location /updates/photon-updates/ {
            root /photon-reps;
            autoindex on;
            autoindex_exact_size off;
            autoindex_localtime on;
        }
        location /release/photon/ {
            root /photon-reps;
            autoindex on;
            autoindex_exact_size off;
            autoindex_localtime on;
        }
        location / {
            proxy_pass https://localhost:8043;
        }
        error_page 404 /404.html;
        location = /40x.html {
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
    
    server {
        listen 80;
        server_name <replace-with-custom-FQDN>;
        rewrite ^(.*)$ https://${server_name}$1 permanent;
    }
}

If you are using a self-signed certificate, add the port number on the folder. For example:

ssl_certificate "/etc/docker/certs.d/<replace-with-custom-FQDN>:<port-number>/<replace-with-custom-FQDN>.cert";
ssl_certificate_key "/etc/docker/certs.d/<replace-with-custom-FQDN>:<port-number>/<replace-with-custom-FQDN>.key";

This action is not required for commercial certificates.

Start Nginx

To start Nginx, run the following commands:

#systemctl reload nginx
#systemctl restart nginx

To enable Nginx to start automatically after reboot, run the following command:

#systemctl enable nginx

Note: Ensure that your system firewall allows traffic from this service.

The following URLs are now active:

Update repository: https://<replace-with-custom-FQDN>/updates/photon-updates/.
Release repository: https://<replace-with-custom-FQDN>/release/photon/.