Generate SSL cert and configure into Nginx (website)

Download the “certbot-auto” utility

    wget https://dl.eff.org/certbot-auto
    sudo cp certbot-auto /usr/local/bin/certbot-auto
    sudo chown root /usr/local/bin/certbot-auto
    sudo chmod 0755 /usr/local/bin/certbot-auto
    certbot-auto --help

Command to renew the SSL certificate (for a particular domain)

    certbot-auto certonly --webroot --webroot-path=/var/www/html -d <domain-name>

Example:

To renew the certificate of the OpenSpecimen site:

    certbot-auto certonly --webroot --webroot-path=/var/www/preprod.openspecimen.org/public_html -d www.openspecimen.org

To renew the certificate of the forums site:

    certbot-auto certonly --webroot --webroot-path=/var/www/html -d forums.openspecimen.org

Configuring SSL into Nginx

Create the configuration file at ‘/etc/nginx/sites-available/site.conf’. Given below is an example template to configure SSL in Nginx. (The proxy configuration will change as per the application/site.)

Example:

    server {
        listen 80;
        server_name <host-name>;
        root /var/www/html;

        # Redirect all plain-HTTP requests to HTTPS.
        return 301 https://$host$request_uri;
    }

    server {
        # The "ssl" parameter is required; without it nginx serves plain HTTP on 443.
        listen 443 ssl;
        server_name <host-name>;
        root /var/www/html;

        ssl_certificate <absolute-path-of-cert-file>;
        ssl_certificate_key <absolute-path-of-private-key>;

        ssl_session_timeout 5m;

        # SSLv3, TLSv1 and TLSv1.1 are deprecated and must stay disabled.
        # TLSv1.3 needs nginx 1.13.0+ built with OpenSSL 1.1.1+; remove it on older builds.
        ssl_protocols TLSv1.2 TLSv1.3;
        # Use a single cipher string; this one also excludes 3DES.
        ssl_ciphers "HIGH:!aNULL:!MD5:!3DES";
        ssl_prefer_server_ciphers on;

        # Proxy configuration
        location / {
            proxy_pass http://127.0.0.1:9966;
            proxy_set_header Host $host;
            proxy_redirect off;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        # ACME challenge files written by certbot-auto --webroot.
        location ~ /.well-known {
            allow all;
        }
    }

Once the SSL certificates are generated and configured, restart the nginx service.

Restart: service nginx restart

Stop: service nginx stop

Start: service nginx start

Test configuration: nginx -t
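
`nginx -t` validates syntax, not TLS strength, so a site file can pass it while still enabling legacy protocols or listening on 443 without `ssl`. The script below is an added example (not part of the original page) that checks a site file for those two problems; the function name `audit_nginx_tls`, the file names and the `example.test` host are hypothetical, and the sample configs are constructed.

```sh
#!/bin/sh
# Added example: flag TLS pitfalls in an nginx site file.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_nginx_tls() {
    conf=$1
    findings=0
    # Drop comments so commented-out directives are ignored.
    body=$(sed 's/#.*//' "$conf")

    # Check 1: protocol versions older than TLS 1.2 in ssl_protocols.
    protos=$(printf '%s\n' "$body" |
        sed -n 's/.*ssl_protocols[[:space:]]*\([^;]*\);.*/\1/p')
    for p in $protos; do
        case $p in
            SSLv2|SSLv3|TLSv1|TLSv1.1)
                echo "$conf: legacy protocol enabled: $p"
                findings=$((findings + 1)) ;;
        esac
    done

    # Check 2: a listener on 443 without the "ssl" parameter.
    # (Does not recognise the old "ssl on;" directive.)
    if printf '%s\n' "$body" | grep -Eo 'listen[[:space:]]+[^;]*;' |
        grep -E '(^|[^0-9])443([^0-9]|$)' | grep -qvw ssl; then
        echo "$conf: listen 443 without ssl"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample inputs (not real site files).
tmp=$(mktemp -d)
cat > "$tmp/weak.conf" <<'EOF'
server {
    listen 443;
    server_name example.test;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;  # legacy versions enabled
}
EOF
cat > "$tmp/fixed.conf" <<'EOF'
server {
    listen 443 ssl;
    server_name example.test;
    ssl_protocols TLSv1.2 TLSv1.3;
}
EOF
audit_nginx_tls "$tmp/weak.conf" || true
audit_nginx_tls "$tmp/fixed.conf" && echo "$tmp/fixed.conf: no findings"
```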