Https nginx

From VoIPmonitor.org
Revision as of 15:20, 7 July 2023 by Festr (talk | contribs) (Created page with "== Nginx == === Generating Self-Signed SSL Certificates === First, we will generate a new private key and a self-signed certificate. Navigate to the SSL directory and create...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Nginx

Generating Self-Signed SSL Certificates

First, we will generate a new private key and a self-signed certificate. Navigate to the SSL directory and create the certificates using these commands: 

sudo mkdir /etc/nginx/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

Answer the series of questions appropriately to generate the certificate.

Configuring Nginx to Use SSL

Now that we have our self-signed certificate and private key, we can tell Nginx how to use these to secure traffic.

Open the default Nginx server block file. 

sudo nano /etc/nginx/sites-available/default

Find the section that begins with server and update it to include the ssl directive and point to your SSL certificate and private key like so: 

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;

    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

    . . .
}

Save and exit the file.

Restarting Nginx

Finally, test the configuration and restart Nginx to apply our changes: 

sudo nginx -t
sudo systemctl restart nginx

Now, you should be able to access your site via https://. Remember that since this is a self-signed certificate, browsers will generally show a warning since they cannot validate the certificate.

Retrieved from "https://www.voipmonitor.org//doc/index.php?title=Https_nginx&oldid=4492"