Use a deafult cert for nginx

If you use a service like cloudflare or sucuri you don’t need a valid cert on the backend servers to do full ssl to backend. If you want full ssl to the server you need 2 things

  • self signed cert
  • nginx proxy to send traffic to port 80

Using this method you need your application to send out redirects to ssl version of pages.

Self signed crt

You can gererate one with:

Usage: ./

This creates 2 files and that should be coppied to /etc/nginx/ssl

Nginx server block

# /etc/nginx/conf.d/000_ssl.conf

server {
  listen 443 default_server ssl;

  ssl_certificate	/etc/nginx/ssl/;
  ssl_certificate_key	/etc/nginx/ssl/;

  location / {
      proxy_set_header          Host $host;
      proxy_set_header          X-Forwarded-Proto $scheme;
      proxy_pass                http://localhost:80;

Cloud & Open-Source magician 🧙‍♂️

I try to find the KISS in complex systems and share it with the world.

comments powered by Disqus