Step-By-Step Procedure To Install SSL/TLS Certificate On Nginx Web Server!

Time needed: 30 minutes.

Install SSL/TLS Certificate on Nginx Web Server!

1. Set up a website on Nginx

   In this section, we will be installing Nginx webserver on Linux Mint and creating a website ‘exampledomain.com’. If you have a site running on Nginx, you can skip this section.

   #1. Install Nginx on Linux
   $ sudo apt-get install nginx

   #2. Check the Status
   $ sudo systemctl status nginx

   #3. Start Nginx if not started
   $ sudo systemctl start nginx

   #4. Allow both HTTP and HTTPS on the UFW firewall
   $ sudo ufw allow ‘nginx full’

   #5. Configure a Server Block on Nginx
   Most of the time you may need to host multiple sites/domains on a single web server. Most of the modern web servers accomplish this via virtual hosts. In Nginx, those virtual machines are functioning as server blocks. Nginx has one default server block preconfigured. We are not going to tweak the default server block. We will create a new one for an example site.

   #5.1. Create a directory for your site under /var/www/.
   $ sudo mkdir -p /var/www/exampledomain.com/html

   #5.2. Set the permission and ownership
   $ sudo chown $USER:$USER /var/www/exampledomain.com
   $ sudo chmod 755 /var/www/exampledomain.com

   #5.3. Create an index.html file for the test site using nano editor
   $ sudo nano /var/www/exampledomain.com/html/index.html

   #5.4. Create the server block configuration file
   $ sudo nano /etc/nginx/sites-available/exampledomain.com

   #5.5. Create symbolic link of the configuration file
   $ sudo ln -s /etc/nginx/sites-available/exampledomain.com /etc/nginx/sites-enabled

   #6. Restart the Nginx Service
   $ sudo systemctl restart nginx

   #7. Add the host file entry. Edit the file /etc/hosts in nano editor
   $ sudo nano /etc/hosts

   #8. Add the below line right below the localhost entry
   127.0.1.1 exampledomain.com www. exampledomain .com

   This is how you can create a website on Nginx.
   
   

2. Create a CSR, submit the CSR to a Certificate Authority, and download the certificate with its private key.

   Certificate Signing Request is the first step to get a Certificate for your website.

   #1. Create a CSR for the site with a private key. This command will create two files exampledomain.com.csr and exampledomain.com.key.
   $ openssl req -new -newkey rsa:2048 -nodes -keyout exampledomain.com.key -out exampledomain.com.csr

   #2. Submit the content of the CSR to your internal or public Certificate Authority to sign the certificate. Once the CA issues the certificate download it to /etc/nginx/ssl/exampledomain.com/ directory on your Nginx server.

   #3. Copy the exampledomain.com.key to /etc/nginx/ssl/exampledomain.com/ directory.

   Note: You can skip this step if you have the certificate for your site.

   

3. Configure the Nginx configuration file with the SSL/TLS certificate and private key.

   This is the place where you need to link the certificate to your website. Edit the Nginx config file and point the certificate and its private key.

   $ sudo nano /etc/nginx/sites-available/exampledomain.com

   server {
   listen 80;
   listen 443 ssl;

   root /var/www/exampledomain.com/html;
   index index.html index.htm index.nginx.debian.html;

   server_name exampledomain.com www.exampledomain.com;
   ssl_certificate /etc/nginx/ssl/exampledomain.com/exampledomain.com.crt;
   ssl_certificate_key /etc/nginx/ssl/exampledomain.com/exampledomain.com.key;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
   ssl_ciphers TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:HIGH:!aNULL:!MD5;

   location / {
   try_files $uri $uri/ =404;
   }
   }

   

4. Restart the Nginx services.

   Restart the Nginx service using this domain.

   $ sudo systemctl restart nginx

   Test the Nginx configuration.

   $ sudo nginx -t

   If you see a successful message. You can access the site over HTTPS secure channel.