Https nginx

From VoIPmonitor.org
Revision as of 14:24, 7 July 2023 by Festr (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Nginx

Generating Self-Signed SSL Certificates

First, generate a new private key and a self-signed certificate. Navigate to the SSL directory and create the certificates using these commands: 

sudo mkdir /etc/nginx/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

Answer the series of questions to generate the certificate.

Configuring Nginx to Use SSL

Now, configure Nginx to use the self-signed certificate and private key.

Open the default Nginx server block file: 

sudo nano /etc/nginx/sites-available/default

Find the section that begins with server and update it to include the ssl directive and point to your SSL certificate and private key. Also, set up a redirection from HTTP to HTTPS: 

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name your_domain.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    . . .
}

Save and exit the file.

Restarting Nginx

Finally, test the configuration and restart Nginx to apply our changes: 

sudo nginx -t
sudo systemctl restart nginx

Now, you should be able to access your site via https://. Since this is a self-signed certificate, browsers will generally show a warning because they cannot validate the certificate. However, all traffic should now be redirected to HTTPS.

Retrieved from "https://www.voipmonitor.org//doc/index.php?title=Https_nginx&oldid=4501"