Run your Website over https
HTTPS is a protocol used for secure communication over the internet. Here we will learn how to run our own website over HTTPS.
Prerequisites:
- Public IP or Domain name of the server
- Sudo privileges on the server
- Nginx installed
Steps:
1. Either purchase a CA-signed certificate from third parties like GoDaddy, BigRock, etc., or create your own self-signed certificate.
A CA-signed certificate works like any other HTTPS site, but with a self-signed certificate visitors get a browser security exception.
So do not use a self-signed certificate in production, as it will show this error to your users. It is suitable for internal environments only.
To create self signed certificate, follow the below steps:
- Create a directory where you will put your certificates.
sudo mkdir -p /etc/ssl/certs
- Now, move into this directory
cd /etc/ssl/certs
- Create SSL certificate
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout nginx.key -out nginx.crt
This command will ask you certain questions like:
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:MH
Locality Name (eg, city) []:Mumbai
Organization Name (eg, company) [Internet Widgits Pty Ltd]:XYZ, Inc.
Organizational Unit Name (eg, section) []:ABC
Common Name (e.g. server FQDN or YOUR name) []:your_domain.com
Email Address []:admin@dfg.com
Be careful when providing the Common Name for your certificate, as the certificate will work for that Common Name only. You can provide an IP or a domain name here. If you want to create a single certificate for all your subdomains, you can put an entry like "*.your_domain.com". A certificate created with this name will be valid for all subdomains of your_domain.com.
- Now, configure the Nginx configuration file. You must have a "server" block inside your nginx file as below:
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name your_domain.com;
    root /usr/share/nginx/html;
    ...
}
We need to add some extra configuration lines, as below:
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    # Serve HTTPS on port 443
    listen 443 ssl;
    root /usr/share/nginx/html;
    server_name your_domain.com;
    # Paths must point at the files generated in /etc/ssl/certs above
    ssl_certificate /etc/ssl/certs/nginx.crt;
    ssl_certificate_key /etc/ssl/certs/nginx.key;
    ...
}
Save this configuration, and restart nginx.
sudo service nginx restart
Now, try to access your domain over https. It will work! Thanks.
The openssl req command above generates two files:
1. Key file (nginx.key)
2. SSL certificate (nginx.crt)
Note: Because we specified "-days 365", this certificate will be valid for 365 days from the date of creation.
Now we have our self-signed certificate.
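The certificate steps above, as an added example that is not part of the original post: it generates the same key and certificate in a temporary directory, adds a subjectAltName entry (current browsers match the hostname against it rather than the Common Name), and checks key permissions, that key and certificate belong together, and remaining validity before nginx is restarted. The function names are made up for this example, and it assumes OpenSSL 1.1.1 or newer.

```sh
# Added example: the post's openssl command, run in a scratch directory.
# "-addext" needs OpenSSL 1.1.1+; your_domain.com is the post's placeholder.

# make_cert DIR DOMAIN: key + self-signed cert covering DOMAIN and *.DOMAIN.
# The body is a subshell, so the umask change does not leak to the caller.
make_cert() (
    umask 077   # private key is created readable by its owner only
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -keyout "$1/nginx.key" -out "$1/nginx.crt" \
        -subj "/CN=$2" \
        -addext "subjectAltName=DNS:$2,DNS:*.$2" 2>/dev/null &&
    chmod 644 "$1/nginx.crt"   # the certificate itself is public
)

# key_perms FILE: permission string of FILE, e.g. "-rw-------".
key_perms() { ls -l "$1" | cut -c1-10; }

# pair_matches CRT KEY: succeeds only if CRT carries KEY's public key.
# nginx refuses to start on a mismatched pair, so check before restarting.
pair_matches() (
    crt=$(openssl x509 -in "$1" -noout -pubkey) || exit 1
    key=$(openssl pkey -in "$2" -pubout) || exit 1
    [ -n "$crt" ] && [ "$crt" = "$key" ]
)

# san_list CRT: print the names listed in the subjectAltName extension.
san_list() {
    openssl x509 -in "$1" -noout -text |
        sed -n '/Subject Alternative Name/{n;s/^ *//;p;}'
}

# valid_for_days CRT N: succeeds if CRT is still valid N days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Stand-alone run: build a pair in a temp dir and report each check.
dir=$(mktemp -d)
make_cert "$dir" your_domain.com
echo "key perms : $(key_perms "$dir/nginx.key")"
echo "SAN       : $(san_list "$dir/nginx.crt")"
pair_matches "$dir/nginx.crt" "$dir/nginx.key" && echo "key matches certificate"
valid_for_days "$dir/nginx.crt" 30 && echo "more than 30 days left"
rm -rf "$dir"
```

Run against the real files, `valid_for_days /etc/ssl/certs/nginx.crt 30` can be scheduled so the 365-day expiry does not arrive unnoticed.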
nice one