Difference between revisions of "Https nginx"
Jump to navigation
Jump to search
(Created page with "== Nginx == === Generating Self-Signed SSL Certificates === First, we will generate a new private key and a self-signed certificate. Navigate to the SSL directory and create...") |
|||
| Line 3: | Line 3: | ||
=== Generating Self-Signed SSL Certificates === | === Generating Self-Signed SSL Certificates === | ||
| − | First, | + | First, generate a new private key and a self-signed certificate. Navigate to the SSL directory and create the certificates using these commands: |
<pre> | <pre> | ||
| Line 9: | Line 9: | ||
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt | sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt | ||
</pre> | </pre> | ||
| − | Answer the series of questions | + | Answer the series of questions to generate the certificate. |
=== Configuring Nginx to Use SSL === | === Configuring Nginx to Use SSL === | ||
| − | Now | + | Now, configure Nginx to use the self-signed certificate and private key. |
| − | Open the default Nginx server block file | + | Open the default Nginx server block file: |
<pre> | <pre> | ||
sudo nano /etc/nginx/sites-available/default | sudo nano /etc/nginx/sites-available/default | ||
</pre> | </pre> | ||
| − | Find the section that begins with '''server''' and update it to include the '''ssl''' directive and point to your SSL certificate and private key | + | Find the section that begins with '''server''' and update it to include the '''ssl''' directive and point to your SSL certificate and private key. Also, set up a redirection from HTTP to HTTPS: |
<pre> | <pre> | ||
| Line 26: | Line 26: | ||
listen 80 default_server; | listen 80 default_server; | ||
listen [::]:80 default_server; | listen [::]:80 default_server; | ||
| + | server_name your_domain.com; | ||
| + | return 301 https://$host$request_uri; | ||
| + | } | ||
| + | server { | ||
listen 443 ssl default_server; | listen 443 ssl default_server; | ||
listen [::]:443 ssl default_server; | listen [::]:443 ssl default_server; | ||
| − | |||
ssl_certificate /etc/nginx/ssl/nginx.crt; | ssl_certificate /etc/nginx/ssl/nginx.crt; | ||
ssl_certificate_key /etc/nginx/ssl/nginx.key; | ssl_certificate_key /etc/nginx/ssl/nginx.key; | ||
| − | |||
. . . | . . . | ||
} | } | ||
| Line 46: | Line 48: | ||
sudo systemctl restart nginx | sudo systemctl restart nginx | ||
</pre> | </pre> | ||
| − | Now, you should be able to access your site via https://. | + | Now, you should be able to access your site via https://. Since this is a self-signed certificate, browsers will generally show a warning because they cannot validate the certificate. However, all traffic should now be redirected to HTTPS. |
Latest revision as of 15:24, 7 July 2023
Nginx
Generating Self-Signed SSL Certificates
First, generate a new private key and a self-signed certificate. Navigate to the SSL directory and create the certificates using these commands:
sudo mkdir /etc/nginx/ssl sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
Answer the series of questions to generate the certificate.
Configuring Nginx to Use SSL
Now, configure Nginx to use the self-signed certificate and private key.
Open the default Nginx server block file:
sudo nano /etc/nginx/sites-available/default
Find the section that begins with server and update it to include the ssl directive and point to your SSL certificate and private key. Also, set up a redirection from HTTP to HTTPS:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name your_domain.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
. . .
}
Save and exit the file.
Restarting Nginx
Finally, test the configuration and restart Nginx to apply our changes:
sudo nginx -t sudo systemctl restart nginx
Now, you should be able to access your site via https://. Since this is a self-signed certificate, browsers will generally show a warning because they cannot validate the certificate. However, all traffic should now be redirected to HTTPS.