How to install the ssl certificate on nginx reverse proxy

How to install the ssl certificate on nginx reverse proxy



Step 1: first create the CSR using the below command: 


openssl req -new -newkey rsa:2048 -nodes -keyout shortz.live.key -out shortz.live.csr


Step 2:  This above command will generate two files in your present working directory, first file                      will be csr and the second one will be the private key file.


Step 3: Generate the SSL certificate using the csr and then upload the ssl certificate on the server and move the ssl certificate and private key in the /etc/nginx/conf.d directory to make the task easy.


Step 4: Then create a ssl configuration file which should be named as like ssl.domain.conf


Step 5 : Ssl configuration file content should be like as below: 



server {

    #listen       8443 ssl http2 ;

    #listen       [::]:8443 ssl;

    listen       443 ssl http2;

    listen       [::]:443 ssl;


    server_name  shortz.live;

    root         /usr/share/nginx/html;

    #access_log  /var/log/nginx/access.globobill.globocom.info.log  main

    access_log  /var/log/nginx/access.ssl.shortz.live.log main;


    ssl_certificate /etc/nginx/conf.d/shortz_live.crt;

    ssl_certificate_key /etc/nginx/conf.d/shortz.live.key;

    ssl_session_cache shared:SSL:1m;

    ssl_session_timeout  10m;

    ssl_ciphers HIGH:!aNULL:!MD5;

    ssl_prefer_server_ciphers on;

    #ssl on;

    charset      utf-8;


    #include /etc/nginx/default.d/*.conf;


        location /mglobopay/ {

                #proxy_read_timeout 300;

                proxy_set_header Host $host;

                proxy_set_header X-Forwarded-Server $host;

                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                proxy_cookie_path ~*^/.* /;

               #proxy_pass      http://port_http_221;


                #proxy_pass         http://port_http_gc3.1;

        }

        location /app_json {

                             #proxy_set_header X-Real-IP $remote_addr;

                root         /opt/apache-tomcat-8.0.20/webapps/website;

        }

        location / {

                  proxy_set_header X-Real-IP $remote_addr;

                #limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;

                #proxy_read_timeout 300;

                proxy_set_header Host $host;

                proxy_set_header X-Forwarded-Server $host;

                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                proxy_cookie_path ~*^/.* /;

               proxy_pass      http://localhost:8080;

               proxy_redirect      http://localhost:8080 https://shortz.live;


               #proxy_pass         http://port_http_gc3.1;

        }



        error_page 404 /404.html;

            location = /40x.html {

        }


        error_page 500 502 503 504 /50x.html;

            location = /50x.html {

        }


}



Step 6: Once you enter all the details in the above file then save the file afterward restart the nginx service.


Step 7: Then you need to make the entry in nginx.conf file for your ssl configuration file as given below: 



  

  include /etc/nginx/conf.d/timeout.conf;

    #include /etc/nginx/conf.d/*.conf;

    include /etc/nginx/conf.d/ssl.app.globocom.conf;

    include /etc/nginx/conf.d/api1.globocom.info.conf;

    include /etc/nginx/conf.d/api2.globocom.info.conf;

    include /etc/nginx/conf.d/default.conf;

    include /etc/nginx/conf.d/app.globocom.info.conf;

    include /etc/nginx/conf.d/globobill1.globocom.info.conf;

    include /etc/nginx/conf.d/kz.wap1.globocom.info.conf;

    include /etc/nginx/conf.d/wap1.globocom.info.conf;

    include /etc/nginx/conf.d/ssl.globobill.globocom.conf;

    include /etc/nginx/conf.d/globoapps.in.conf;

    include /etc/nginx/conf.d/api3.globocom.info.conf;

    include /etc/nginx/conf.d/ssl.shortz.conf;

    #include /etc/nginx/conf.d/monitoringservice.globocom.info.conf;

    #include /etc/nginx/conf.d/rabbitmq.conf;

   #include /etc/nginx/conf.d/ssl.shortz.conf;


Step 8: Now restart the nginx and check while ssl should be running.




Thank You :) 


    • Related Articles

    • Deploy Django Applications Using Nginx and uWSGI on Ubuntu 14.04

      Django is a Python Web Platform of high standards that promotes fast development and clean, pragmatic design. A description on using uWSGI and nginx on Ubuntu 14.04 is given in this document. Before You Begin 1. Get acquainted with the starting guide ...

    • Install CWP in Centos 7

      CWP is an free and paid license based hosting panel for managing website database,emails,file,etc using a single Panel. In this article we will discuss how to install CWP in Centos 7 Software Requirements You must have a clean/fresh installation of ...

    • Install Plesk on CentOS 7

      Plesk is a private web host panel that provides users with the ability to administer websites, databases, emails and domains for their personal and/or custome clients. Allows simple point-and-click administration / maintenance via a browser. Install ...

    • Install VnStat Network Monitoring on CentOS 7

      Console based network traffic monitoring This article will help you install VnStat network monitoring on your CentOS 7 server. VnStat is console based network traffic monitor for Linux. This will help monitor multiple interfaces at the same time. ...

    • How to Install PHP in CentOS 7

      PHP is the part of our setup that processes code for dynamic content display. It can run scripts, link to our MySQL databases, and view processed content to our web server. Step 1: We can use the following command for the installation of our ...