Subscribe to Email Updates

    Settings | 2 min read

    How to enable SSL on NGINX

    There are multiple types of certificates that can be used to enable SSL on NGINX. The first type we describe in this post is the self-signed.

    Self-Signed Certificate

    Preamble

    We consider in this example the following parameters 

    • Certificate validity period of key SSL is 365 days
    • Private key file name is "server.key"
    • Certificate file name is "server.crt"

    1. Creation of the self-signed certificate 


    [root@nodeum-qualif]# cd /opt/nginx
    [root@nodeum-qualif nginx]# sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt
    Generating a RSA private key ..........+++++
    ..................................................................................................................+++++
    writing new private key to '/ opt/nginx/secret.key' ----
    You are about to be asked to enter information that will be incorporated into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value, If you enter '.', the field will be left blank.
    ----
    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:California
    Locality Name (eg, city) []:Newyork
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Webdock
    Organizational Unit Name (eg, section) []:IT
    Common Name (e.g. server FQDN or YOUR name) []:site1.example.com
    Email Address []:admin@example.com
    Please enter the following 'extra' attributes to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    [root@nodeum-qualif nginx]# sudo openssl dhparam -out dhparam.pem 2048

    Once done, it's required to update the NGINX configuration file , we recommend to backup the configuration before any changes.

    [root@nodeum-qualif nginx]# cd ./conf/ 
    [root@nodeum-qualif conf]# vi nginx.conf
    ...
    server {       
    listen 80;

    # ADD SSL CONFIG    
    listen 443 ssl;    
    server_name nodeum-qualif.mt-c.local;        
    ssl_certificate      /opt/nginx/server.crt;        
    ssl_certificate_key  /opt/nginx/server.key;        
    ssl_dhparam             /opt/nginx/dhparam.pem;
    # END SSL CONFIG

    ...
    server {    
    listen 80;

    # ADD SSL CONFIG    
    listen 443 ssl;    
    server_name nodeum-qualif.mt-c.local;        
    ssl_certificate      /opt/nginx/server.crt;        
    ssl_certificate_key  /opt/nginx/server.key;        
    ssl_dhparam             /opt/nginx/dhparam.pem;
    # END SSL CONFIG

    ...     
    server {        
    listen       80;

    # ADD SSL CONFIG    
    listen 443 ssl;    
    server_name nodeum-qualif.mt-c.local;        
    ssl_certificate      /opt/nginx/server.crt;        
    ssl_certificate_key  /opt/nginx/server.key;        
    ssl_dhparam             /opt/nginx/dhparam.pem;
    # END SSL CONFIG

    ...

     

     

    Related Categories

    Settings

    You may also like:

    Settings

    Software Appliance Backup feature

    Software Appliance Backup Feature This backup feature save all important information which allow a restoration of the sy...

    Settings

    General Settings

    General Configuration Type Description Example Administrator see everything  if enable, this allow all "administrator ac...

    Settings

    Network Configuration

    Description Nodeum is a software running on a Linux Operating System. The network interface(s) and IP configuration(s) a...

    Let Us Know What You Thought about this Post.

    Put your Comment Below.

    Learn and grow with award-winning support and a thriving community behind you.

    Get the free version