Step-By-Step Procedure To Install SSL/TLS Certificate On Nginx Web Server!
If you have a website that is running on unsecured HTTP protocol on an Nginx web server, and you want to connect your website through a secured HTTPS channel by installing an SSL/TLS certificate on the Nginx web server, then follow this procedure to install SSL/TLS certificate on Nginx web server.
How To Install SSL/TLS Certificate On Nginx Web Server?
The procedure primarily requires a website running on a web server like Apache or Nginx. An SSL/TLS certificate with the private key to enable HTTPS service on your website. In this demonstration, we have covered right from creating a website to configure the website with an SSL/TLS certificate. The whole process consists of these four steps. However, you can ignore the first two steps if you have a site hosted on the Nginx web server and an SSL/TLS certificate with the private key.
- Set up your own web site on Nginx web server.
- Submit the CSR to a Certificate Authority and download the certificate with its private key.
- Configure Nginx configuration file with the SSL/TLS certificate and private key.
- Restart the Nginx services.
Time needed: 30 minutes.
Install SSL/TLS Certificate on Nginx Web Server!
In this section, we will be installing Nginx webserver on Linux Mint and creating a website ‘exampledomain.com’. If you have a site running on Nginx, you can skip this section.
#1. Install Nginx on Linux
$ sudo apt-get install nginx
#2. Check the Status
$ sudo systemctl status nginx
#3. Start Nginx if not started
$ sudo systemctl start nginx
#4. Allow both HTTP and HTTPS on the UFW firewall
$ sudo ufw allow ‘nginx full’
#5. Configure a Server Block on Nginx
Most of the time you may need to host multiple sites/domains on a single web server. Most of the modern web servers accomplish this via virtual hosts. In Nginx, those virtual machines are functioning as server blocks. Nginx has one default server block preconfigured. We are not going to tweak the default server block. We will create a new one for an example site.
#5.1. Create a directory for your site under /var/www/.
$ sudo mkdir -p /var/www/exampledomain.com/html
#5.2. Set the permission and ownership
$ sudo chown $USER:$USER /var/www/exampledomain.com
$ sudo chmod 755 /var/www/exampledomain.com
#5.3. Create an index.html file for the test site using nano editor
$ sudo nano /var/www/exampledomain.com/html/index.html
#5.4. Create the server block configuration file
$ sudo nano /etc/nginx/sites-available/exampledomain.com
#5.5. Create symbolic link of the configuration file
$ sudo ln -s /etc/nginx/sites-available/exampledomain.com /etc/nginx/sites-enabled
#6. Restart the Nginx Service
$ sudo systemctl restart nginx
#7. Add the host file entry. Edit the file /etc/hosts in nano editor
$ sudo nano /etc/hosts
#8. Add the below line right below the localhost entry
127.0.1.1 exampledomain.com www. exampledomain .com
This is how you can create a website on Nginx.
2. Create a CSR, submit the CSR to a Certificate Authority, and download the certificate with its private key.
Certificate Signing Request is the first step to get a Certificate for your website.
#1. Create a CSR for the site with a private key. This command will create two files exampledomain.com.csr and exampledomain.com.key.
$ openssl req -new -newkey rsa:2048 -nodes -keyout exampledomain.com.key -out exampledomain.com.csr
#2. Submit the content of the CSR to your internal or public Certificate Authority to sign the certificate. Once the CA issues the certificate download it to /etc/nginx/ssl/exampledomain.com/ directory on your Nginx server.
#3. Copy the exampledomain.com.key to /etc/nginx/ssl/exampledomain.com/ directory.
Note: You can skip this step if you have the certificate for your site.
3. Configure the Nginx configuration file with the SSL/TLS certificate and private key.
This is the place where you need to link the certificate to your website. Edit the Nginx config file and point the certificate and its private key.
$ sudo nano /etc/nginx/sites-available/exampledomain.com
server {
listen 80;
listen 443 ssl;
root /var/www/exampledomain.com/html;
index index.html index.htm index.nginx.debian.html;
server_name exampledomain.com www.exampledomain.com;
ssl_certificate /etc/nginx/ssl/exampledomain.com/exampledomain.com.crt;
ssl_certificate_key /etc/nginx/ssl/exampledomain.com/exampledomain.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:HIGH:!aNULL:!MD5;
location / {
try_files $uri $uri/ =404;
}
}
4. Restart the Nginx services.
Restart the Nginx service using this domain.
$ sudo systemctl restart nginx
Test the Nginx configuration.
$ sudo nginx -t
If you see a successful message. You can access the site over HTTPS secure channel.
This is how you can install SSL/TLS certificate on the Nginx web server and enable HTTPS communication on your website.
Thanks for reading this post. Please let us know if you want to know more about this. We recommend to read the below post to know in detail. Please share this post if you find this interested. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this.
This post is originally published at thesecmaster.com
We thank everybody who has been supporting our work and requests you check out thesecmaster.com for more such articles.
