/
Generate SSL cert and configure into Nginx (website)
Got feedback or spotted a mistake?
Leave a comment at the end of this page or email contact@krishagni.com
Generate SSL cert and configure into Nginx (website)
Download the “certbot-auto” utility
wget https://dl.eff.org/certbot-auto
sudo cp certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto
certbot-auto --help
Command to renew the SSL certificate (for particular domain)
certbot-auto certonly --webroot --webroot-path=/var/www/html -d <domain-name>
Example:
To renew the certificate of OpenSpecimen site.
certbot-auto certonly --webroot --webroot-path=/var/www/preprod.openspecimen.org/public_html -d www.openspecimen.org
Renew the certificate of forums site.
certbot-auto certonly --webroot --webroot-path=/var/www/html -d forums.openspecimen.org
Configuring SSL into Nginx
Create configuration file into ‘/etc/nginx/sites-avaiable/site.conf’ directory. Given below is example template to configure SSL into Nginx. (Proxy configuration will change as per application/site).
Example:
server {
listen 80;
server_name <host-name>;
root /var/www/html;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name <host-name;
root /var/www/html;
ssl_certificate <absolute-path-of-cert-file>;
ssl_certificate_key <absolute-path-of-private-key>;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
#Proxy configuration
location / {
proxy_pass http://127.0.0.1:9966;
proxy_set_header Host $host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ /.well-known {
allow all;
}
}
Once the SSL certificates are generated and configured, restart the nginx service.
Restart: service nginx restart
Stop: service nginx stop
Start: service nginx start
Test configuration: nginx -t
, multiple selections available,
Related content
Locale Configuration
Locale Configuration
Read with this
Configuring eConsents in CPs
Configuring eConsents in CPs
More like this
Cloud Hosting Architecture
Cloud Hosting Architecture
Read with this
Institutes and Sites
Institutes and Sites
More like this
Deployment
Deployment
Read with this
Automatic Survey Sending Rules Example
Automatic Survey Sending Rules Example
More like this
Got feedback or spotted a mistake?
Leave a comment at the end of this page or email contact@krishagni.com