If your application has any sort of login page or transmits sensitive information, it’s wise to make those sections accessible only via HTTPS. Even if your site has no sensitive information, it’s worth considering using HTTPS as Google now considers it a ranking signal.

For any pages a general user will access, you’ll want to use an SSL certificate signed by a reputable third party to avoid browser warnings. There are a number of vendors out there offering certificates, but a free personal certificate from StartSSL will probably work fine for non-commerce sites.

Self-signed SSL certificates

If you’re just testing SSL or have an application that you alone access, a self-signed certificate could be an easy temporary solution. A self-signed SSL certificate will provide encryption but not identity verification.

Browsers will display warnings when the certificate is used so you’ll definitely not want to use these on public-facing content.

Generate your self-signed SSL certificate

I place my SSL certificates in /srv/ssl, but other locations can be used depending on your Linux distribution, configuration, or personal preference. Here, we create /srv/ssl if it doesn’t already exist, create our certificate and private key, and adjust the key’s permissions.

mkdir -p /srv/ssl
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout /srv/ssl/selfsigned.key -out /srv/ssl/selfsigned.crt
chmod 400 /srv/ssl/selfsigned.key

The OpenSSL documentation explains these parameters.
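
A few checks worth running on the generated pair before pointing Nginx at it, as an added example that is not part of the original post: the key matches the certificate, the key is not accessible to group or other, and the certificate is not within 30 days of expiry. The function names, the -subj value, the 30-day threshold and the temporary directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example: pre-flight checks for a self-signed certificate and key.

# Generate a throwaway pair with the page's parameters. -subj (an assumption
# here) answers the subject prompts so the command runs non-interactively.
make_sample_pair() {  # usage: make_sample_pair PREFIX
  openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
    -subj "/CN=private.rudeotter.com" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null &&
  chmod 400 "$1.key"
}

# True only if both files parse and carry the same public key.
pair_matches() {  # usage: pair_matches CERT KEY
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# True only if group and other have no permission bits on the key file.
key_is_private() {  # usage: key_is_private KEY
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# True only if the certificate is still valid DAYS days from now.
valid_for_days() {  # usage: valid_for_days CERT DAYS
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Run all three checks, printing one line per failure.
check_pair() {  # usage: check_pair CERT KEY
  rc=0
  pair_matches "$1" "$2" || { echo "FAIL: key does not match certificate"; rc=1; }
  key_is_private "$2" || { echo "FAIL: key accessible by group or other"; rc=1; }
  valid_for_days "$1" 30 || { echo "FAIL: certificate expires within 30 days"; rc=1; }
  return "$rc"
}

# Demo on a constructed sample pair in a temporary directory (not /srv/ssl).
tmp=$(mktemp -d) && make_sample_pair "$tmp/selfsigned" &&
  check_pair "$tmp/selfsigned.crt" "$tmp/selfsigned.key" && echo "all checks passed"
rm -rf "$tmp"
```

To check the real pair, call check_pair /srv/ssl/selfsigned.crt /srv/ssl/selfsigned.key as a user that can read the key.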

Configure Nginx

With your self-signed SSL certificate created, here’s the basic Nginx server block needed to use it. This example listens on all IPv4 addresses on port 443. IPv6 can be supported by adding or substituting listen [::]:443 ssl.

server {
  listen 443 ssl;
  server_name private.rudeotter.com;
  ssl_certificate /srv/ssl/selfsigned.crt;
  ssl_certificate_key /srv/ssl/selfsigned.key;

  root /srv/www/private.rudeotter.com/htdocs;
  index index.html;
}

Before restarting Nginx, test the configuration with nginx -t. If the test is successful, go ahead and restart Nginx with service nginx restart.

You may want to check out the StartSSL certificate tutorial or the Nginx and HTTPS tags for more information about configuring SSL in Nginx.
