Security is one of the main concerns that must be addressed as a priority for any application or website. Every website should have a valid SSL certificate installed to encrypt the traffic between users & the site. Web browsers even show a warning when we visit a website that does not have an SSL certificate installed.
In this tutorial, we will discuss how to perform Nginx SSL configuration, that is, how to configure an SSL certificate to secure websites hosted on Nginx. Before starting the process, let’s go over the prerequisites.
- Must have Nginx installed on our systems, you can refer to our tutorials to install Nginx on CentOS/RHEL or Ubuntu or even install Nginx from source.
Now let’s move on to the Nginx SSL configuration part. We will first create a self-signed certificate & then configure the Nginx web server to use that certificate.
Recommended Read: Create a SELF-SIGNED SSL Certificate in Linux
Create a self signed certificate
Create a certificate with the following command,
$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /home/shusain/test.key -out /home/shusain/test.crt
here, openssl is the command-line tool used for creating & managing keys and certificates,
req -x509 tells it to output a self-signed X.509 certificate instead of a certificate request,
-nodes means the private key is not protected with a passphrase,
-days 365 is the validity of the certificate in days,
-newkey rsa:2048 generates a new 2048-bit RSA key for the certificate,
-keyout provides the location for the private key,
-out provides the location for our SSL certificate.
So now, we have our private key (/home/shusain/test.key) & a self-signed certificate (/home/shusain/test.crt). We need both of these to configure the SSL certificate in Nginx.
So let’s move them to a new folder for ease of administration,
# mkdir /etc/nginx/ssl
# mv /home/shusain/test.key /etc/nginx/ssl/
# mv /home/shusain/test.crt /etc/nginx/ssl/
Now let’s move on to next step i.e. Nginx SSL configuration.
Nginx SSL configuration
Now that we have the required private key and certificate, we can configure the SSL certificate in Nginx. We could use ‘/etc/nginx/nginx.conf’ to configure SSL in Nginx, but it is advisable to create a separate file for SSL,
# vi /etc/nginx/conf.d/ssl.conf
& enter the following lines to the file,
listen 443 ssl;
index index.html index.htm index.nginx-debian.html;
All we have to do is to reload the nginx configuration to complete the Nginx SSL configuration & install ssl certificate in Nginx,
# systemctl reload nginx
Now we can access our website using https followed by the website URL.
Since we are using a self-signed certificate, we might get a warning but we can ignore that & click on ‘Proceed anyway’ to open the website.
Additional Parameters for SSL
The above-mentioned parameters are the basic configuration for SSL. We can also select a number of other options, such as TLS versions and cipher suites, depending on our needs.
An example of the additional parameters that can be used is,
listen 443 ssl;
index index.html index.htm;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
resolver 18.104.22.168 22.214.171.124 valid=300s;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
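The two configuration snippets above combined into one complete /etc/nginx/conf.d/ssl.conf, as an added example that is not part of the original tutorial. The server_name and root values are placeholder assumptions, and the ssl_protocols line from the tutorial is shown commented out beside a corrected one that drops the deprecated TLSv1 and TLSv1.1.

```nginx
# Added example: complete /etc/nginx/conf.d/ssl.conf (not the tutorial's own file).
server {
    listen 443 ssl;
    server_name example.com;        # assumption: placeholder host name
    root /var/www/html;             # assumption: placeholder document root
    index index.html index.htm;

    # Certificate and private key moved to /etc/nginx/ssl/ earlier in the tutorial
    ssl_certificate     /etc/nginx/ssl/test.crt;
    ssl_certificate_key /etc/nginx/ssl/test.key;

    # Weak, as listed in the tutorial: TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    # Corrected: TLS 1.2 and 1.3 only
    # (the TLSv1.3 value needs nginx 1.13.0 or later built against OpenSSL 1.1.1 or later)
    ssl_protocols TLSv1.2 TLSv1.3;

    # Response headers from the tutorial, written with straight quotes.
    # "always" also sends them on error responses (nginx 1.7.5 or later).
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff always;
}
```

Check the file with nginx -t before running systemctl reload nginx. Browsers only honour the Strict-Transport-Security header on connections with no certificate errors, so it has no effect while the self-signed certificate is in use.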
This completes our tutorial on how to perform Nginx SSL configuration & install an SSL certificate in Nginx. Please feel free to send in any questions or queries using the comment box below.