Using self-signed certificates and enabling SSL on nginx

Note: Recommended only for development environments, not for production.

Assuming that your nginx installation is located at

/etc/nginx

create the directory ‘ssl’. We will be hosting our certificates in this directory.

/etc/nginx/ssl

Step 1: Create a key, enter passphrase when asked

sudo openssl genrsa -des3 -out server.key 2048

Step 2: Use the key generated in step 1 to generate a CSR (certificate signing request)

sudo openssl req -new -key server.key -out server.csr

Make sure you enter the server's FQDN when asked for the Common Name.

Step 3: Remove the passphrase as we don’t want to enter it each time we want to start nginx. (Useful when daemonizing)

sudo cp server.key server.key.org
sudo openssl rsa -in server.key.org -out server.key

Step 4: Use the CSR and the Key generated in the above steps to create a Certificate.

sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Here is the sample nginx configuration to get your site up and running.

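server {
  listen                443 ssl; # default;
  server_name           example.com;
  root                  /var/www/approot/public;

  # "ssl" on the listen line enables TLS; the separate "ssl on;" directive
  # is deprecated since nginx 1.15.0 and was removed in 1.25.1.
  ssl_certificate         /etc/nginx/ssl/server.crt;
  ssl_certificate_key     /etc/nginx/ssl/server.key;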

  location / {
    access_log          off;
    include proxy_params;
    proxy_redirect off;
    proxy_set_header X-Forwarded-Proto https;
    proxy_pass    http://upstream;
  }
}
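
A pre-reload check for the files produced in steps 1 to 4, as an added example that is not part of the original post: it confirms that server.crt carries the public key of server.key, that the key loads without a passphrase, and that the certificate covers the FQDN and has not expired. The function names are hypothetical, and make_dev_pair is a one-step generator used only to build a throwaway test pair; it assumes OpenSSL 1.1.1 or later for -addext.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the original post.

# make_dev_pair DIR FQDN
# Build a throwaway key and self-signed certificate in DIR (test input only).
make_dev_pair() {
  dir=$1; fqdn=$2
  mkdir -p "$dir" || return 1
  # -nodes leaves the key without a passphrase, the same end state as step 3.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=$fqdn" -addext "subjectAltName=DNS:$fqdn" \
    -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null || return 1
  # The key is stored in the clear, so keep it readable by its owner only.
  chmod 600 "$dir/server.key"
}

# pair_matches CERT KEY
# Succeeds only if CERT carries the public key of KEY. An empty -passin makes
# a still-encrypted key fail here instead of prompting.
pair_matches() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_covers_host CERT FQDN
# Succeeds only if the certificate is valid for FQDN (SAN, else Common Name).
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q 'does match certificate'
}

# ready_for_nginx CERT KEY FQDN: all checks, with a reason on failure.
ready_for_nginx() {
  pair_matches "$1" "$2" || { echo "key/cert mismatch or encrypted key" >&2; return 1; }
  cert_covers_host "$1" "$3" || { echo "certificate does not cover $3" >&2; return 1; }
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 ||
    { echo "certificate has expired" >&2; return 1; }
}
```

Against the files from this page, the call would be ready_for_nginx /etc/nginx/ssl/server.crt /etc/nginx/ssl/server.key example.com, run before reloading nginx.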
