
Configuring SSL in nginx

Suppose you have a domain greproot.com for which you want to enable SSL. Make sure you have a dedicated IP for the domain. Say 1.2.3.4 is the dedicated IP address for greproot.com.

First, decide where you want to keep your certs and keys. In my case, I am going to place them in /etc/ssl/certs/ and /etc/ssl/keys respectively.

[root@abc ~]# mkdir -p /etc/ssl/certs/

[root@abc ~]# mkdir -p /etc/ssl/keys

Now we need to generate a key and a CSR for greproot.com, get the cert signed, and then install it.

[root@abc ~]# cd /etc/ssl/keys

[root@abc ~]# openssl genrsa -out greproot.com.key 2048

[root@abc ~]# chmod 600 greproot.com.key

[root@abc ~]# cd /etc/ssl/certs/

[root@abc ~]# openssl req -new -key /etc/ssl/keys/greproot.com.key -out greproot.com.csr

Now we have the CSR and key. If you need a signed cert, take the CSR to a valid certificate signing authority, get it signed and place the result on the server at /etc/ssl/certs/greproot.com.crt. If you do not need a signed cert, you can create a self-signed certificate from the above CSR and key instead:

[root@abc ~]# openssl x509 -req -days 365 -in greproot.com.csr -signkey /etc/ssl/keys/greproot.com.key -out greproot.com.crt

Whether it is CA-signed or self-signed, the certificate is now at /etc/ssl/certs/greproot.com.crt, and you need to reference it in your nginx configuration file. If you want greproot.com to be reachable over both http and https, you need two separate server blocks in the same configuration file: one for http and the other for https. To add SSL, copy the existing server block as it is and paste the copy at the end of the file. The copy will serve SSL, so modify it to give the cert and key paths.

[root@abc ~]# vi /etc/nginx/sites-available/

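Add the following listen and ssl lines before server_name in the second server block, then restart nginx.

server {

    # The "ssl" parameter on listen enables TLS for this block; the separate
    # "ssl on;" directive is obsolete and has been removed from current nginx.
    listen   1.2.3.4:443 ssl;

    ssl_certificate    /etc/ssl/certs/greproot.com.crt;
    # The private key was generated in /etc/ssl/keys, not /etc/ssl/certs.
    ssl_certificate_key    /etc/ssl/keys/greproot.com.key;
    server_name greproot.com www.greproot.com;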

….

}

[root@abc ~]# /etc/rc.d/init.d/nginx restart

Now try accessing the site at https://greproot.com
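
Before restarting nginx it is worth confirming that the certificate really belongs to the key, that the key is not readable by other users, and that the certificate is not about to expire. The script below is an added example, not part of the original post; the function names are its own, and it assumes the openssl command line tool and GNU/Linux stat.

```shell
#!/bin/sh
# Added example (not from the original post): checks to run on the key and
# certificate before restarting nginx. Function names are this example's own.
# Usage: sh check_pair.sh /etc/ssl/keys/greproot.com.key /etc/ssl/certs/greproot.com.crt

# Succeeds only if the certificate carries the public half of the private key.
# Empty or unparsable input is a failure, never a match.
pair_matches() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Succeeds only if group and other have no permission bits on the key file
# (for example mode 600 or 400), matching the chmod 600 step above.
# Assumes GNU/Linux stat (-c).
key_is_private() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        *00|0) return 0 ;;
        *)     return 1 ;;
    esac
}

# Succeeds if the certificate will still be valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run all three checks on <key> <cert>; returns non-zero if any of them fails.
preflight() {
    rc=0
    pair_matches "$1" "$2"      || { echo "FAIL: key and certificate do not match"; rc=1; }
    key_is_private "$1"         || { echo "FAIL: key is accessible to group/other"; rc=1; }
    cert_valid_for_days "$2" 30 || { echo "FAIL: certificate expires within 30 days"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $2 matches $1"
    return "$rc"
}

# Only act when called with a key path and a certificate path.
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

If the script reports OK, running nginx -t checks the edited configuration file for syntax errors before the restart.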

 
