Monday, December 16, 2013

Using self signed certificates and enabling SSL on nginx

Note: Only recommended for development environments. Not for production.

Assuming that your nginx installation is located at /etc/nginx, create a directory /etc/nginx/ssl. We are going to host our certificates in that directory, so run the commands below from inside it.

Step 1: Create a key. Enter a passphrase when asked.
sudo openssl genrsa -des3 -out server.key 2048

Step 2: Use the key generated in step 1 to generate a CSR (certificate signing request).
sudo openssl req -new -key server.key -out server.csr
Enter the required information. Make sure you enter the FQDN when asked.

Step 3: Remove the passphrase, as we don't want to enter it each time we start nginx. (Useful when daemonizing.)
sudo cp server.key server.key.org
sudo openssl rsa -in server.key.org -out server.key

Step 4: Use the CSR and the key generated in the above steps to create a certificate.
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
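
Added example (not part of the original post): a non-interactive version of steps 1 to 4 that writes the key without a passphrase in one go, then checks what nginx needs before a reload: the certificate and key belong together, and the key file is unencrypted and readable by its owner only. The function names, the scratch directory and the name dev.example.test are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Names below are assumptions.

# Steps 1-4 without prompts: key (no passphrase), CSR, self-signed cert.
# Runs in a subshell so the restrictive umask does not leak to the caller.
make_dev_cert() (
  dir=$1 cn=$2
  umask 077    # key file is created readable by its owner only
  openssl genrsa -out "$dir/server.key" 2048 2>/dev/null &&
  openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
    -out "$dir/server.csr" &&
  openssl x509 -req -days 365 -in "$dir/server.csr" \
    -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
)

# True only if the certificate carries the public half of the given key.
cert_matches_key() {
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# True if the PEM file is not passphrase-protected (step 3 was applied).
key_is_unencrypted() {
  [ -s "$1" ] && ! grep -q ENCRYPTED "$1"
}

# Demo in a constructed scratch directory instead of /etc/nginx/ssl.
tmp=$(mktemp -d)
if make_dev_cert "$tmp" dev.example.test &&
   cert_matches_key "$tmp/server.crt" "$tmp/server.key" &&
   key_is_unencrypted "$tmp/server.key"; then
  echo "certificate and key are consistent"
  ls -l "$tmp/server.key"
fi
rm -rf "$tmp"
```

Running the two check functions against /etc/nginx/ssl/server.crt and /etc/nginx/ssl/server.key before reloading nginx catches a mismatched pair or a key that still has its passphrase.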
Here is a sample nginx configuration to get your site up and running.
server{
  listen                443 ssl; # default;
  server_name           example.com;
  root                  /var/www/approot/public;

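  # "ssl on;" is not needed: the ssl parameter on listen enables TLS,
  # and the standalone directive was removed in nginx 1.25.1.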
  ssl_certificate         /etc/nginx/ssl/server.crt;
  ssl_certificate_key     /etc/nginx/ssl/server.key;

  location / {
    access_log          off;
    include proxy_params;
    proxy_redirect off;
    proxy_set_header X-Forwarded-Proto https;
    proxy_pass    http://upstream;  # "upstream" must be defined in an upstream block
  }
}