ScaleScaleScaleScale

Tips / Nginx


How to install a SSL Certificate on Nginx

Installing a SSL certificate on Nginx is not hard, but requires a few steps to complete the task. In this tutorial I will teach you how to enable ssl support and install a SSL certificate on a certain website based. If you have an e-commerce website, or deal with customers with sensitive data, a SSL certificate is the best money you can spent to encrypt your online information.

Package and Directory Requirements

yum install openssl  openssl-devel
mkdir /etc/nginx/{ssl.key,ssl.csr,ssl.crt} -p

Generate key and csr file for your domain

openssl req -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl.key/nginxtips.com.key -out /etc/nginx/ssl.csr/nginxtips.com.csr

Send the CSR code to the SSL provider, and then your SSL provider should give you a CRT code, once you got that CRT text, create a new file:

pico -w /etc/nginx/ssl.crt/nginxtips.com.crt

Finally, let’s configure SSL support for Nginx at the virtual host configuration for nginxtips.com.
Inside the server block configuration we will add this lines:

listen 10.1.2.3:443;
ssl on;
ssl_certificate /etc/nginx/ssl.crt/nginxtips.com.crt;
ssl_certificate_key /etc/nginx/ssl.key/nginxtips.com.key;
rewrite     ^   https://$server_name$request_uri? permanent;

The first four lines enable ssl to listen at port 443 and then set the crt and key files location, the last rewrite line redirects all the traffic from http to https. So, once ready, your virtual host configuration should look similar to this:

server {

access_log off;
error_log /etc/nginx/logs/vhost-error_log warn;

listen 80;
listen 10.1.2.3:443;

ssl on;
server_name nginxtips.com www.nginxtips.com;
ssl_certificate /etc/nginx/ssl.crt/nginxtips.com.crt;
ssl_certificate_key /etc/nginx/ssl.key/nginxtips.com.key;
rewrite     ^   https://$server_name$request_uri? permanent;
...
...

...the rest of your config goes here....
...
...
}

Be sure to replace “10.1.2.3” with the dedicated IP you are using for your SSL domain/subdomain.

Restart nginx to apply changes

service nginx restart

Then browse an ssl page to test your SSL site using https://www.yoursite.com

Note: if the redirect doesn’t work well using the line posted before, you can try with this:

if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }

Popular search terms:

  • requesting a new certificate using nginx
profile

Esteban Borges

Linux Geek, Webperf Addict, Nginx Fan. CTO @Infranetworking