In this article we are going to show you how to install Nginx and set up an SSL certificate on your Ubuntu 14.04 VPS.
What is Nginx?
It is an open source reverse proxy server for HTTP, HTTPS, SMTP, POP3, and IMAP protocols, as well as a load balancer, HTTP cache, and a web server. Nginx has a strong focus on high concurrency, high performance and low memory usage.
What is SSL?
It is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.
UPDATE THE UBUNTU SYSTEM
Make sure you have a screen session and your Ubuntu Virtual Server is fully up to date by running the following commands in your terminal:
## screen -U -S nginx-ssl-screen
## apt-get update
## apt-get upgrade
INSTALL NGINX
Install Nginx on your Ubuntu Linux virtual server with apt using the command below:
## apt-get install nginx
SET-UP SSL IN NGINX
Setting up an SSL-based website in Nginx is pretty simple. In this tutorial we will be using a self-signed SSL certificate. This means that instead of purchasing a signed SSL certificate, we will generate and sign our own SSL certificate and use it in Nginx. Browsers do not trust a self-signed certificate and will show a warning, so it is best suited to testing or internal use.
Ok, so let’s generate an SSL certificate for ssl.domain.tld in the /root/ssl/ssl.domain.tld directory using the following commands. The certificate is signed with SHA-256, because SHA-1 is deprecated for certificate signatures:
## mkdir /root/ssl/ssl.domain.tld -p
## cd /root/ssl/ssl.domain.tld
## openssl genrsa -des3 -out ssl.domain.tld.key 2048
## openssl req -new -x509 -nodes -sha256 -days 365 -key ssl.domain.tld.key -out ssl.domain.tld.crt
## cp ssl.domain.tld.key{,.orig}
## openssl rsa -in ssl.domain.tld.key.orig -out ssl.domain.tld.key
## chmod 400 ssl.domain.tld.key
You should now have the following files in the /root/ssl/ssl.domain.tld directory:
## ls -1 /root/ssl/ssl.domain.tld
ssl.domain.tld.crt
ssl.domain.tld.key
ssl.domain.tld.key.orig
Ok, the next thing to do is to set up an Nginx virtual host directive (server block) for ssl.domain.tld which is serving, for example, the /var/www/html/secure directory.
First, create the document root directory using mkdir and, for testing purposes, create a sample html file using:
## mkdir /var/www/html/secure -p
## echo ssl.domain.tld > /var/www/html/secure/ssl-test.html
Next, set up a configuration file in /etc/nginx/sites-available for ssl.domain.tld. Make sure you replace ssl.domain.tld with your own domain name, and keep in mind to set the correct paths to your SSL certificate and key.
## vim /etc/nginx/sites-available/ssl.domain.tld.conf
server {
    listen 443;
    server_name ssl.domain.tld;

    ssl on;
    ssl_session_timeout 5m;
    # SSLv2 and SSLv3 are broken and TLSv1 is deprecated, so allow TLSv1.2 only
    ssl_protocols TLSv1.2;
    # strong suites only: no anonymous or MD5-based suites, no low-strength or export ciphers
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # self-signed certificate and its passphrase-free private key
    ssl_certificate /root/ssl/ssl.domain.tld/ssl.domain.tld.crt;
    ssl_certificate_key /root/ssl/ssl.domain.tld/ssl.domain.tld.key;

    access_log /var/log/nginx/ssl.domain.tld.log;
    error_log /var/log/nginx/ssl.domain.tld-error.log error;

    root /var/www/html/secure;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}
Enable the newly created Nginx server block by creating a symbolic link from /etc/nginx/sites-available/ssl.domain.tld.conf to /etc/nginx/sites-enabled/ssl.domain.tld.conf:
## cd /etc/nginx/sites-enabled
## ln -s /etc/nginx/sites-available/ssl.domain.tld.conf
RESTART NGINX
Finally, you need to restart your Nginx server for the change to take effect. You can first test your Nginx configuration using:
## nginx -t
and if everything is ok, you can restart the server using:
## service nginx restart
To test the set-up, try to open https://ssl.domain.tld/ssl-test.html in your favorite browser or use the following command:
## curl -s -k https://ssl.domain.tld/ssl-test.html
ssl.domain.tld
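The nginx -t test above checks that the configuration is valid, not that its TLS settings are strong. The script below is an added example, not part of the original tutorial: it scans a server block for legacy protocol versions and weak cipher classes. The audit_tls_conf helper and both sample server blocks are constructed for illustration, and the check is a heuristic that assumes one directive per line.

```shell
# Added example: audit_tls_conf is a hypothetical helper, not an nginx tool.
# Heuristic; assumes one directive per line, as in a hand-written server block.
audit_tls_conf() {
    awk '
    { sub(/#.*/, "") }                        # ignore comments
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++) {
            p = $i; sub(/;$/, "", p)
            if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1") {
                printf "line %d: legacy protocol %s\n", NR, p; bad = 1
            }
        }
    }
    $1 == "ssl_ciphers" {
        spec = $2; sub(/;$/, "", spec)
        n = split(spec, tok, ":")
        for (i = 1; i <= n; i++) {
            if (tok[i] ~ /^[!+-]/) continue   # "!" and "-" remove suites, "+" only reorders
            m = split(tok[i], part, "[+]")    # "A+B" selects suites having both A and B
            for (j = 1; j <= m; j++)
                if (part[j] ~ /^(ALL|LOW|EXP|EXPORT[0-9]*|SSLv2|RC4|MD5|DES|3DES|aNULL|eNULL|NULL|ADH)$/) {
                    printf "line %d: weak cipher class %s\n", NR, tok[i]; bad = 1
                    break
                }
        }
    }
    END { exit bad + 0 }                      # exit 1 if anything was flagged
    ' "$1"
}

# Constructed sample server blocks (not taken from a live server).
sample_dir=$(mktemp -d)
weak_conf=$sample_dir/weak.conf
strong_conf=$sample_dir/strong.conf
cat > "$weak_conf" <<'EOF'
server {
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
}
EOF
cat > "$strong_conf" <<'EOF'
server {
    # ssl_protocols SSLv3;  (commented out, must be ignored)
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
}
EOF
audit_tls_conf "$weak_conf" || echo "weak.conf: weak TLS settings found"
audit_tls_conf "$strong_conf" && echo "strong.conf: no weak TLS settings found"
```

To check a real server block, pass its path, for example /etc/nginx/sites-available/ssl.domain.tld.conf, and fix anything reported before restarting Nginx.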
Of course you don’t have to do any of this if you use one of our Linux VPS Hosting services, in which case you can simply ask our expert Linux admins to set this up for you. They are available 24×7 and will take care of your request immediately.
nice tutorial….. :)