Generate SSL cert and configure into Nginx (website)
Got feedback or spotted a mistake?
Leave a comment at the end of this page or email contact@krishagni.com
Generate SSL cert and configure into Nginx (website)
- Krishna Waidande (Unlicensed)
Owned by Krishna Waidande (Unlicensed)
Last updated: Oct 26, 2020
Download the “certbot-auto” utility
wget https://dl.eff.org/certbot-auto
sudo cp certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto
certbot-auto --helpCommand to renew the SSL certificate (for particular domain)
certbot-auto certonly --webroot --webroot-path=/var/www/html -d <domain-name>Example:
To renew the certificate of OpenSpecimen site.
certbot-auto certonly --webroot --webroot-path=/var/www/preprod.openspecimen.org/public_html -d www.openspecimen.orgRenew the certificate of forums site.
certbot-auto certonly --webroot --webroot-path=/var/www/html -d forums.openspecimen.orgConfiguring SSL into Nginx
Create configuration file into ‘/etc/nginx/sites-avaiable/site.conf’ directory. Given below is example template to configure SSL into Nginx. (Proxy configuration will change as per application/site).
Example:
server {
listen 80;
server_name <host-name>;
root /var/www/html;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name <host-name;
root /var/www/html;
ssl_certificate <absolute-path-of-cert-file>;
ssl_certificate_key <absolute-path-of-private-key>;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
#Proxy configuration
location / {
proxy_pass http://127.0.0.1:9966;
proxy_set_header Host $host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ /.well-known {
allow all;
}
}Once the SSL certificates are generated and configured, restart the nginx service.
Restart: service nginx restart
Stop: service nginx stop
Start: service nginx start
Test configuration: nginx -t
, multiple selections available,
Related content
HTTP 405: Requests from origin server not allowed.
HTTP 405: Requests from origin server not allowed.
More like this
Sending HL7 Messages to OpenSpecimen via API
Sending HL7 Messages to OpenSpecimen via API
More like this
Configuring eConsents in CPs
Configuring eConsents in CPs
More like this
Ziath Integration
Ziath Integration
More like this
Deployment steps
Deployment steps
Read with this
Participant Header Configuration
Participant Header Configuration
More like this
Got feedback or spotted a mistake?
Leave a comment at the end of this page or email contact@krishagni.com