How to install Nginx and set-up SSL certificate on an Ubuntu 14.04 VPS


Nginx-logoIn this article we are going to show you how to install Nginx and set-up an SSL certificate on your Ubuntu 14.04 VPS.

What is Nginx?

It is an open source reverse proxy server for HTTP, HTTPS, SMTP, POP3, and IMAP protocols, as well as a load balancer, HTTP cache, and a web server. Nginx has a strong focus on high concurrency, high performance and low memory usage.

What is SSL?

It is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.

UPDATE THE UBUNTU SYSTEM

Make sure you have a screen session and your Ubuntu Virtual Server is fully up-to date by running the following commands in your terminal

## screen -U -S nginx-ssl-screen
## apt-get update
## apt-get upgrade

INSTALL NGINX

Install Nginx on your Ubuntu linux virtual server with apt using the command below

## apt-get install nginx

SET-UP SSL IN NGINX

Setting up an SSL based website in Nginx is pretty simple. In this tutorial we will be using a self-signed SSL certificate. This means that instead of purchasing signed SSL certificates, we would have to generate and sign our own SSL certificate and use it in our Nginx.

Ok, so let’s generate SSL certificate for ssl.domain.tld in /root/ssl/ssl.domain.tld directory using the following commands:

## mkdir /root/ssl/ssl.domain.tld -p
## cd /root/ssl/ssl.domain.tld
## openssl genrsa -des3 -out ssl.domain.tld.key 2048
## openssl req -new -x509 -nodes -sha1 -days 365 -key ssl.domain.tld.key -out ssl.domain.tld.crt
## cp ssl.domain.tld.key{,.orig}
## openssl rsa -in ssl.domain.tld.key.orig -out ssl.domain.tld.key
## chmod 400 ssl.domain.tld.key

you should now have the following files in /root/ssl/ssl.domain.tld directory:

## ls -1 /root/ssl/ssl.domain.tld
ssl.domain.tld.crt
ssl.domain.tld.key
ssl.domain.tld.key.orig

Ok, next thing to do, is to set-up Nginx virtual host directive (server block) for ssl.domain.tld which is serving, for example /var/www/html/secure directory.

first, create the document root directory using mkdir and for testing purposes, create a sample html file using

## mkdir /var/www/html/secure -p
## echo ssl.domain.tld > /var/www/html/secure/ssl-test.html

next, set-up configuration file in /etc/nginx/sites-available for ssl.domain.tld and obviously, make sure you replace ssl.domain.tld with your own domain name and also keep in mind to set correct paths to your SSL certificate and key.

## vim /etc/nginx/sites-available/ssl.domain.tld.conf


server {
    listen 443;
    server_name ssl.domain.tld;

    ssl    on;
    ssl_session_timeout  5m;
    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers   on;

    ssl_certificate        /root/ssl/ssl.domain.tld/ssl.domain.tld.crt;
    ssl_certificate_key    /root/ssl/ssl.domain.tld/ssl.domain.tld.key;

    access_log /var/log/nginx/ssl.domain.tld.log;
    error_log /var/log/nginx/ssl.domain.tld-error.log error;

    root /var/www/html/secure;
    index  index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}

enable the newly created Nginx server block, simply by creating a symbolic link from /etc/nginx/sites-available/ssl.domain.tld.conf to /etc/nginx/sites-enabled/ssl.domain.tld.conf

## cd /etc/nginx/sites-enabled
## ln -s /etc/nginx/sites-available/ssl.domain.tld.conf

RESTART NGINX

Finally, you need to restart your Nginx server for the change to take effect. You can first test you Nginx configuration using:

## nginx -t

and if everything is ok, you can restart the server using:

## service nginx restart

To test the set-up, try to open https://ssl.domain.tld/ssl-test.html in your favorite browser or use the following command:

## curl -s -k https://ssl.domain.tld/ssl-test.html
ssl.domain.tld

Of course you don’t have to do any of this if you use one of our Linux VPS Hosting services, in which case you can simply ask our expert Linux admins to set this up for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

Tutorials
How to Install Zen Cart with Nginx on Debian 8
Tutorials
How to install Nagios3 and Check_MK on an Ubuntu 12.04 LTS VPS
Tutorials
How to install Zenphoto on Ubuntu 14.04
  • r00t

    r00tr00t

    Author Reply

    nice tutorial….. :)