Enable the SSL configuration method in the Nginx server
- 2020-05-14 05:26:02
- OfStack
Generate a certificate
You can generate a simple certificate by following these steps:
First, go to the directory where you want to create the certificate and private key, for example:
$ cd /usr/local/nginx/conf
Create a server private key and the command will ask you to enter a password:
$ openssl genrsa -des3 -out server.key 1024
Create a certificate to sign the request (CSR) :
$ openssl req -new -key server.key -out server.csr
Remove the required password when loading Nginx supported by SSL and using the private key above:
$ cp server.key server.key.org
$ openssl rsa -in server.key.org -out server.key
Enable 1 SSL virtual host
In the nginx.conf configuration file:
server {
listen 443;
server_name example.com;
root /apps/www;
index index.html index.htm;
ssl on;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
# ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
# ssl_prefer_server_ciphers on;
}
Where ssl_certificate represents the CA file and ssl_certificate_key represents the key file.
If you want to force an http request to https, you can do this:
server {
listen 80;
server_name example.me;
return 301 https://$server_name$request_uri;
}