
The Ultimate Guide to SSL for NGINX: Protecting Your Online Presence

In this guide, we will walk you through setting up SSL on the NGINX web server, using two different methods.

Securing your NGINX web server is essential to protect your online resources. It boosts your website's trustworthiness and ensures the privacy of your users' information. SSL (Secure Sockets Layer, whose modern successor is TLS) is a protocol that creates a secure, encrypted connection between your web server and the user's browser to protect sensitive information, such as login credentials and personal details.

Prerequisites

Before we get started, make sure you have the following:

  • A running NGINX web server.
  • A domain or subdomain pointing to your server's IP address.
  • A root user or a user with sudo privileges.

Secure NGINX Using Self-Signed SSL

A self-signed certificate is not signed by a certificate authority. It is intended for internal networks and development environments and is not suitable for production environments.

Here are the steps to implement self-signed SSL on the NGINX server.

Step 1 - Create a private key and a certificate signing request (CSR) using the following command.

openssl req -nodes -newkey rsa:2048 -keyout /etc/ssl/my-private.key -out /etc/ssl/my-request.csr

Provide your certificate information as shown below:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:FL
Locality Name (eg, city) []:newyork
Organization Name (eg, company) [Internet Widgits Pty Ltd]:alibaba
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN) []:domain.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Step 2 - Generate the self-signed SSL certificate from the certificate signing request created above.

openssl x509 -in /etc/ssl/my-request.csr -out /etc/ssl/certificate.crt -req -signkey /etc/ssl/my-private.key -days 365

You will see the following output.

Certificate request self-signature ok
subject=C = US, ST = FL, L = newyork, O = alibaba, OU = IT, CN = domain.com

Step 3 - Next, edit your NGINX virtual host configuration file and configure it to use the generated certificate and private key.

nano /etc/nginx/conf.d/your-website.conf

Add the following configurations:

server {
    listen 443 ssl;
    server_name your-domain.com;
    ssl_certificate /etc/ssl/certificate.crt;
    ssl_certificate_key /etc/ssl/my-private.key;
    ssl_protocols TLSv1.2;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;

    # ... other server configuration ...
}

Save and close the file, then reload NGINX to apply the SSL configuration:

systemctl reload nginx

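Finally, open your web browser and access your website to test the SSL connection. Because the certificate is self-signed, the browser will show a trust warning unless the certificate has been added to its trust store.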
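The steps above can be collapsed into one command that also sets a subjectAltName, which current browsers use for hostname matching instead of the Common Name. This is an added example, not part of the original guide; the output directory, the file names and the host name passed in are placeholders, and -addext needs OpenSSL 1.1.1 or later.

```shell
#!/usr/bin/env bash
# Added example: self-signed certificate with a subjectAltName, for lab use.
# Directory, file names and host name are caller-supplied placeholders.
set -eu

# make_selfsigned DIR HOST -> writes DIR/server.key and DIR/server.crt
make_selfsigned() {
    local dir="$1" host="$2"
    mkdir -p "$dir"
    (
        # -nodes leaves the key unencrypted on disk, so keep it owner-only.
        umask 077
        openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
            -subj "/CN=$host" \
            -addext "subjectAltName=DNS:$host" \
            -keyout "$dir/server.key" -out "$dir/server.crt"
    )
}

# cert_has_san CERT HOST -> 0 if HOST is listed exactly as a DNS subjectAltName
cert_has_san() {
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' \
        | tr ',' '\n' | sed 's/^ *//' \
        | grep -xF "DNS:$2" > /dev/null
}

# file_mode FILE -> permission string such as -rw-------
file_mode() {
    ls -l "$1" | cut -c1-10
}
```

A certificate made with the CSR flow in Steps 1 and 2 has no subjectAltName, so cert_has_san returns non-zero for it.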

Secure NGINX Using Commercial SSL

In this method, you will need to buy an SSL certificate from a trusted Certificate Authority (CA) or an authorized reseller of SSL certificates.

Here's a step-by-step guide on how to secure NGINX using a commercial SSL certificate:

Step 1 - Purchase an SSL certificate from any trusted CA. You will need to provide information about your domain and organization during the purchase process.

Step 2 - After you complete the purchase, the CA will send you the SSL certificate and the intermediate certificate via email.

Step 3 - After obtaining all certificates, upload the files to your server using a secure file transfer method. Place all files in the default location /etc/nginx/ssl/.

Step 4 - Edit the NGINX virtual host configuration file for your website.

nano /etc/nginx/conf.d/your-website.conf

Add the following configurations to define the path of your SSL certificates.

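server {
    listen 443 ssl;
    server_name your-domain.com;

    # ssl_certificate is the only certificate file NGINX sends to clients.
    # If your CA issued an intermediate, this file must contain your
    # certificate first, followed by the intermediate.
    ssl_certificate /etc/nginx/ssl/your_domain.crt;
    ssl_certificate_key /etc/nginx/ssl/your_domain.key;
    # Not sent to clients; used to verify OCSP responses and client certificates.
    ssl_trusted_certificate /etc/nginx/ssl/intermediate.crt;

    # ... other server configuration ...
}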

Save and close the file when you are done, then restart the NGINX service to apply the changes.

systemctl restart nginx

Step 5 - Open your web browser and access your website securely using the URL https://your-domain.com. You can also use an online SSL testing tool such as SSL Labs to verify your SSL.
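Two mistakes are common with CA-issued files: the intermediate is never sent to clients, and the private key does not match the first certificate in the file NGINX loads. The script below is an added example, not part of the original guide. It builds a combined file with the server certificate first and checks the key against it; all file names are placeholders.

```shell
#!/usr/bin/env bash
# Added example: checks to run on a CA-issued certificate before restarting NGINX.
# File names are placeholders supplied by the caller.
set -eu

# build_fullchain LEAF INTERMEDIATE OUT
# Server certificate first, then the intermediate. The echo guards against a
# LEAF file with no trailing newline, which would fuse two PEM markers.
build_fullchain() {
    { cat "$1"; echo; cat "$2"; } > "$3"
}

# count_certs FILE -> number of PEM certificates that start on their own line
count_certs() {
    grep -c '^-----BEGIN CERTIFICATE-----' "$1" || true
}

# key_matches_cert KEY CERT -> 0 when the FIRST certificate in CERT carries
# the public key of KEY; 1 on mismatch; 2 if either file cannot be parsed.
key_matches_cert() {
    local from_key from_cert
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$from_key" = "$from_cert" ]
}

# Usage: ./check-cert.sh KEY LEAF_CERT INTERMEDIATE_CERT
if [ "$#" -eq 3 ]; then
    build_fullchain "$2" "$3" fullchain.crt
    if key_matches_cert "$1" fullchain.crt; then
        echo "fullchain.crt: $(count_certs fullchain.crt) certificates, key matches"
    else
        echo "key does not match the first certificate in fullchain.crt" >&2
        exit 1
    fi
fi
```

Point ssl_certificate at the combined file and run nginx -t before restarting the service.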

Conclusion

In this guide, we showed you two different ways to secure your NGINX server with an SSL certificate. You can now follow either of the above methods to implement SSL on the NGINX server to safeguard your users' privacy and website data.


Hiteshjethva
