46 lines
1.4 KiB
Markdown
Executable file
46 lines
1.4 KiB
Markdown
Executable file
# Configuring HTTPS
|
|
|
|
### Get the required files
|
|
|
|
You can get a SSL certificate from a trusted Certificate Authority or generate your own. For self signed certificates the browser will show a warning that the certificate is not trusted. [Here's a tutorial for using Let's Encrypt to get a free SSL Certificate](lets-encrypt-ssl-setup.html)
|
|
|
|
The files required are
|
|
|
|
* Certificate (usually with extension .crt)
|
|
* Decrypted private key
|
|
|
|
If you have multiple certificates (primary and intermediate), you will have to concatenate them. For example,
|
|
|
|
cat your_certificate.crt CA.crt >> certificate_bundle.crt
|
|
|
|
Also make sure that your private key is not world readable. Generally, it is owned and readable only by root
|
|
|
|
chown root private.key
|
|
chmod 600 private.key
|
|
|
|
### Move the two files to an appropriate location
|
|
|
|
mkdir /etc/nginx/conf.d/ssl
|
|
mv private.key /etc/nginx/conf.d/ssl/private.key
|
|
mv certificate_bundle.crt /etc/nginx/conf.d/ssl/certificate_bundle.crt
|
|
|
|
### Setup nginx config
|
|
|
|
Set the paths to the certificate and private key for your site
|
|
|
|
bench set-ssl-certificate site1.local /etc/nginx/ssl/certificate_bundle.crt
|
|
bench set-ssl-key site1.local /etc/nginx/ssl/private.key
|
|
|
|
### Generate nginx config
|
|
|
|
bench setup nginx
|
|
|
|
### Reload nginx
|
|
|
|
service nginx reload
|
|
|
|
or
|
|
|
|
systemctl reload nginx # for CentOS 7
|
|
|
|
Now that you have configured SSL, all HTTP traffic will be redirected to HTTPS
|