Changes for page How to setup an Nginx reverse proxy and also provide a global X.509 certificate for it
Last modified by Alexandru Pentilescu on 2023/06/25 18:53
From version 9.1
edited by Alexandru Pentilescu
on 2022/06/11 22:42
Change comment:
There is no comment for this version
To version 12.1
edited by Alexandru Pentilescu
on 2022/11/13 22:18
Change comment:
There is no comment for this version
Summary
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
- Content
... ... @@ -236,9 +236,14 @@ 236 236 Now, I admit, these file paths are usually generated by the certbot utility. Configuring certbox is outside the scope of this article and I will not cover it. 237 237 certbot is also an utility specific for the Let's Encrypt CA, which might differ from your own certificate authority. But, regardless of which CA you choose to use, everything should boil down to 3 ".pem" files at the end, one containing your public key that will be delived to the visitor, one containing the fullchain and one containing the private key which will be used by Nginx to decrypt incoming traffic with. 238 238 239 - As such, pleasechangethesele paths to the3 filesthat youwillbe usingfromyour respective CA.Ifindoubt,always askforprofessional helpfroma sysadmin!239 +Technically, the ssl_certificate_key should point to your private key file. DO NOT, UNDER ANY CIRCUMSTANCES, GIVE THIS TO ANYONE. This has to be kept private and only you and Nginx should have access to it. 240 240 241 +chain.pem contains your public certificate along with the CA's intermediate certificate that signed your certificate. 241 241 243 +fullchain.pem contains everything that chain.pem contains, plus the certificate's authority's own public root certificate, which was used in signing the intermediate certificate mentioned above, one that should be recognized by any visitor's web browser. 244 + 245 +As such, please change these file paths to the 3 files that you will be using from your respective CA. If in doubt, always ask for professional help from a sysadmin! 246 + 242 242 = Testing our setup and deploying = 243 243 244 244 We're almost done! For completeness' sake, here's my gitea.conf Nginx configuration file as well, so that you have a base to start out with:
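Review bot: The two added sentences describing chain.pem and fullchain.pem do not match what certbot writes. In certbot's layout chain.pem holds only the intermediate certificate(s), not your own certificate, and fullchain.pem is your certificate followed by those intermediates; the CA's root certificate is not part of it, because visitors' browsers already have the root in their trust store. Please reword both sentences accordingly. The three files the unchanged paragraph lists (certificate, fullchain, private key) are also not the three the new sentences describe (private key, chain.pem, fullchain.pem), so the closing "change these file paths to the 3 files" is ambiguous; stating which file each Nginx directive takes would fix that, since the new text names only ssl_certificate_key. The private-key warning would be more actionable with a concrete step, such as restricting the key file's ownership and permissions so that only the account Nginx starts under can read it.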