How to install self signed SSL in Nginx

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. NGINX is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption.

This tutorial explains the detailed steps to install self signed SSL centificate in Nginx server.

Step1: Create the folder to save key and certificate

#mkdir /etc/nginx/certs

Step2: Change the location to this new folder

#cd /etc/nginx/certs

Step3: Create the key and certificate

#openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/domain.key -out /etc/nginx/domain.crt

Note to replace domain with the required domain name.

Step4: Open the Nginx configuration file.

#vi /etc/nginx/sites-enabled/default

Step5: Update the configuration file with the certficate name and key name

server {
         listen 80;
         return 301 https://$host$request_uri;
}

server {

         listen 443;
         server_name domain.com;

         ssl_certificate /etc/nginx/domain.crt;
         ssl_certificate_key /etc/nginx/domain.key;

         ssl on;
         ssl_session_cache builtin:1000 shared:SSL:10m;
         ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
         ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
         ssl_prefer_server_ciphers on;

         access_log /var/log/nginx/domain.access.log;

         location / {

              proxy_set_header Host $host;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
         }
}

Note to replace domain with the required domain name.

Step6: Restart Nginx service

#service nginx restart

That's all....

Leave a Reply

Your email address will not be published. Required fields are marked *