Thursday, February 23, 2012

nginx Self-Signed SSL

In this tutorial, I will be setting up nginx to listen on port 443 for SSL connections, using a self-signed SSL certificate that I create along the way. I am running Ubuntu Server 10.04; your configuration locations may be slightly different.

1) Generate a Private Key

openssl genrsa -des3 -out server.key 2048

2) Generate a CSR

openssl req -new -key server.key -out server.csr

3) Remove Passphrase from Key

cp server.key server.key.org
openssl rsa -in server.key.org -out server.key


4) Generate a Self-Signed Certificate

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

5) Copy the .crt and .key files to /etc/ssl/

cp server.crt /etc/ssl/certs/
cp server.key /etc/ssl/private/


6) Configure nginx

Add the following to /etc/nginx/sites-available/default

ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;

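server {
    # The ssl parameter enables SSL on this port; it replaces the
    # "ssl on;" directive, which was removed in nginx 1.25.1.
    listen 443 ssl;
    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}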


Of course, if you're not running nginx as a reverse proxy, your information in location / {} will be different. This is only an example to illustrate the use of the extra SSL options.

Restart nginx

/etc/init.d/nginx restart

If everything goes well, you should be able to browse to https://127.0.0.1 (where 127.0.0.1 is the IP of your server).
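
A pre-flight check for the files produced in steps 1 to 5, to run before the restart. This is an added example, not part of the original post; the function name `check_tls_pair`, its return codes, and the 2048-bit and 30-day thresholds are choices made for this example, and it assumes RSA keys as generated in step 1.

```shell
#!/bin/sh
# check_tls_pair KEY CERT [MIN_DAYS]   (hypothetical helper, RSA keys only)
# Returns 0 if the pair is fit to deploy, otherwise:
#   1  key or certificate unreadable, unparsable, or key still encrypted
#   2  key file is readable or writable by group or others
#   3  certificate was not issued for this private key
#   4  RSA modulus is shorter than 2048 bits
#   5  certificate expires within MIN_DAYS (default 30)
check_tls_pair() {
    key=$1 crt=$2 min_days=${3:-30}

    [ -r "$key" ] && [ -r "$crt" ] || return 1

    # Characters 5-10 of `ls -l` are the group and other permission bits.
    perms=$(ls -ld -- "$key" | cut -c5-10)
    [ "$perms" = "------" ] || return 2

    # Derive the public key from each file; the two must be identical.
    # The empty -passin makes a passphrase-protected key fail instead of
    # prompting, which is what nginx would otherwise do at start-up.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ] || return 3

    # Key size as printed in the certificate, e.g. "Public-Key: (2048 bit)".
    bits=$(openssl x509 -in "$crt" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || return 4

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null ||
        return 5
    return 0
}

# Command-line use: sh check.sh /etc/ssl/private/server.key /etc/ssl/certs/server.crt
if [ "$#" -ge 2 ]; then
    check_tls_pair "$@"
fi
```

A return code of 2 is fixed with `chmod 600` on the key file; a return code of 3 usually means server.key was regenerated after server.crt was signed.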

1 comment:

  1. Thank you for sharing this information. This article is very interesting and useful. Keep up the good work!
