Https nginx: Difference between revisions
(Created page with "== Nginx == === Generating Self-Signed SSL Certificates === First, we will generate a new private key and a self-signed certificate. Navigate to the SSL directory and create...") |
No edit summary |
||
Line 3: | Line 3: | ||
=== Generating Self-Signed SSL Certificates === | === Generating Self-Signed SSL Certificates === | ||
First, | First, generate a new private key and a self-signed certificate. Navigate to the SSL directory and create the certificates using these commands: | ||
<pre> | <pre> | ||
Line 9: | Line 9: | ||
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt | sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt | ||
</pre> | </pre> | ||
Answer the series of questions | Answer the series of questions to generate the certificate. | ||
=== Configuring Nginx to Use SSL === | === Configuring Nginx to Use SSL === | ||
Now | Now, configure Nginx to use the self-signed certificate and private key. | ||
Open the default Nginx server block file | Open the default Nginx server block file: | ||
<pre> | <pre> | ||
sudo nano /etc/nginx/sites-available/default | sudo nano /etc/nginx/sites-available/default | ||
</pre> | </pre> | ||
Find the section that begins with '''server''' and update it to include the '''ssl''' directive and point to your SSL certificate and private key | Find the section that begins with '''server''' and update it to include the '''ssl''' directive and point to your SSL certificate and private key. Also, set up a redirection from HTTP to HTTPS: | ||
<pre> | <pre> | ||
Line 26: | Line 26: | ||
listen 80 default_server; | listen 80 default_server; | ||
listen [::]:80 default_server; | listen [::]:80 default_server; | ||
server_name your_domain.com; | |||
return 301 https://$host$request_uri; | |||
} | |||
server { | |||
listen 443 ssl default_server; | listen 443 ssl default_server; | ||
listen [::]:443 ssl default_server; | listen [::]:443 ssl default_server; | ||
ssl_certificate /etc/nginx/ssl/nginx.crt; | ssl_certificate /etc/nginx/ssl/nginx.crt; | ||
ssl_certificate_key /etc/nginx/ssl/nginx.key; | ssl_certificate_key /etc/nginx/ssl/nginx.key; | ||
. . . | . . . | ||
} | } | ||
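Review bot: In the new port-80 block, `return 301 https://$host$request_uri;` builds the redirect target from the Host header the client sent. Because the block is `default_server`, it answers requests for any host name, so `server_name your_domain.com;` does not constrain where the redirect points. Consider redirecting to the fixed name instead, for example `return 301 https://your_domain.com$request_uri;`.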
Line 46: | Line 48: | ||
sudo systemctl restart nginx | sudo systemctl restart nginx | ||
</pre> | </pre> | ||
Now, you should be able to access your site via https://. | Now, you should be able to access your site via https://. Since this is a self-signed certificate, browsers will generally show a warning because they cannot validate the certificate. However, all traffic should now be redirected to HTTPS. |
Latest revision as of 14:24, 7 July 2023
Nginx
Generating Self-Signed SSL Certificates
First, generate a new private key and a self-signed certificate. Create the SSL directory, then create the key and certificate using these commands:
<pre>
sudo mkdir /etc/nginx/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
</pre>
Answer the series of questions to generate the certificate.
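A non-interactive variant of the command above, as an added example that is not part of the original page: it passes the subject with `-subj`, adds a subjectAltName with `-addext` (OpenSSL 1.1.1 or later), keeps the unencrypted key readable by its owner only, and checks that key and certificate belong together. The function names and the `example.test` host name used to exercise them are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# make_selfsigned DIR NAME: write DIR/nginx.key and DIR/nginx.crt.
# The body runs in a subshell so the umask change does not leak to the caller.
make_selfsigned() (
    umask 077                     # new directory and key are owner-only
    mkdir -p "$1" &&
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/CN=$2" \
        -addext "subjectAltName=DNS:$2" \
        -keyout "$1/nginx.key" -out "$1/nginx.crt"
)

# key_matches_cert KEY CERT: succeed only if both hold the same public key.
# A mismatch here is what makes nginx refuse to load the pair.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ "$key_pub" = "$crt_pub" ]
}

# key_mode FILE: print the permission string, e.g. -rw-------
key_mode() {
    ls -l "$1" | cut -c1-10
}

# cert_has_san CERT NAME: succeed if NAME is listed as a DNS subjectAltName.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -q "DNS:$2"
}

# When run directly with two arguments (DIR NAME), generate and verify.
if [ "$#" -eq 2 ]; then
    make_selfsigned "$1" "$2" &&
        key_matches_cert "$1/nginx.key" "$1/nginx.crt" &&
        cert_has_san "$1/nginx.crt" "$2" &&
        echo "key and certificate match, key mode $(key_mode "$1/nginx.key")"
fi
```

To produce the files the page uses, run it as root with `/etc/nginx/ssl` and your own domain as the two arguments.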
Configuring Nginx to Use SSL
Now, configure Nginx to use the self-signed certificate and private key.
Open the default Nginx server block file:
<pre>
sudo nano /etc/nginx/sites-available/default
</pre>
Find the section that begins with server and update it to include the ssl directive and point to your SSL certificate and private key. Also, set up a redirection from HTTP to HTTPS:
<pre>
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name your_domain.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    . . .
}
</pre>
Save and exit the file.
Restarting Nginx
Finally, test the configuration and restart Nginx to apply our changes:
<pre>
sudo nginx -t
sudo systemctl restart nginx
</pre>
Now, you should be able to access your site via https://. Since this is a self-signed certificate, browsers will generally show a warning because they cannot validate the certificate. However, all traffic should now be redirected to HTTPS.