-1

Hi I setup an ssl certificate using godaddy and read the following article: Best location for SSL certificate and private keys on Ubuntu. I am trying to protect an aws ubuntu gitlab instance that uses nginx as a server.

My /etc/ssl/private/ has the following files:

.csr generated on server
.key generated on server
.crt generated by godaddy
.crt BUNDLE generated by godaddy

I have given them the following permissions respectively:

root:root 644
root:ssl-cert 640
root:root 644
root:root 644

Is this correct?

It has been mentioned that this question is the same as What Should be the Permissions of Apache SSL Directory, Certificate, and Key? and my only reason that it is distinct is because it is for nginx NOT apache.

Community
  • 1
Gobi Dasu
  • 134
  • 1
  • 6

1 Answers1

1

This question is distinct from What Should be the Permissions of Apache SSL Directory, Certificate, and Key? because it is for nginx.

However, following https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md helped me and the answer turned out to be the same as the answer to the apache question What Should be the Permissions of Apache SSL Directory, Certificate, and Key?.

Specifically, I followed the "Enable HTTPS" section which said to do:

sudo mkdir -p /etc/gitlab/ssl
sudo chmod 700 /etc/gitlab/ssl
sudo cp gitlab.example.com.key gitlab.example.com.crt /etc/gitlab/ssl/
sudo ufw allow https

I also made root the owner of the /etc/gitlab/ssl directory and the .crt and .key files inside it, and made the .crt and the .key files' permissions 600, just like the apache answer says.

I don't mind if this question is deleted but first the Apache question's title should be changed to "What Should be the Permissions of Apache/Nginx SSL Directory, Certificate, and Key?"

Community
  • 1
Gobi Dasu
  • 134
  • 1
  • 6