Use a deafult cert for nginx

aapjeisbaas
Last updated on 2017-09-26 1 min read

If you use a service like cloudflare or sucuri you don’t need a valid cert on the backend servers to do full ssl to backend. If you want full ssl to the server you need 2 things

  • self signed cert
  • nginx proxy to send traffic to port 80

Using this method you need your application to send out redirects to ssl version of pages.

Self signed crt

You can gererate one with: selfsigned.sh

Usage: ./selfsigned.sh server.name.tld

This creates 2 files server.name.tld.key and server.name.tld.crt that should be coppied to /etc/nginx/ssl

Nginx server block

# /etc/nginx/conf.d/000_ssl.conf

server {
  listen 443 default_server ssl;

  ssl_certificate	/etc/nginx/ssl/server.name.tld.crt;
  ssl_certificate_key	/etc/nginx/ssl/server.name.tld.key;

  location / {
      proxy_set_header          Host $host;
      proxy_set_header          X-Forwarded-Proto $scheme;
      proxy_pass                http://localhost:80;
  }

}
ssl nginx
Cloud & Open-Source magician 🧙‍♂️

I try to find the KISS in complex systems and share it with the world.

comments powered by Disqus