SSL Configuration
One of the most important parts of software development— is security. So to make sure your users are surfing secure resource — you must do some obligatory steps that will help you to build secure and modern software. One of them — is configuring SSL on your website. Here we will speak about couple steps that will make your Nginx and Apache servers to work over HTTPS
Lets split this configuration guide into logical parts, so that will ease understanding of the content.
Purchase SSL from the well known providers
The SSL can be purchased on different resources like Godaddy, Cloudflare, etc. After this is done — you offered to download a pack with 3 files(in most cases)
- yourname.key — certificate key file
- yourname.crt — primary certificate file
- yourname-bundle.crt — intermediate certificate file
Upload downloaded SSL files to your server
Always the best way is to have all the things sorted so you will definitely know where to find particular file on a server.
- Create folder with name ssl under the /var, so you will the folder with the following path — /var/ssl
With the following structure it will be easy and logically for you to find appropriate files on the server if needed.
- Add correct permissions to the created folder, so system would then allow you to upload files.
- Then upload files you got from SSL provider to that ssl folder
Configure Nginx with SSL
- Install Nginx to to your Ubuntu instance
sudo apt-get install nginx- Go to the folder where you have SSL files
cd /var/ssl- For Nginx you need to create chained certificate file based on primary and intermediate certificate files
sudo cat yourname.crt yourname-bundle.crt > yourname.chained.crtAfter this command — additional file will be created in the directory where you run it — yourname.chained.crt
- Open the ‘default’ file in /etc/nginx/sites-available/
sudo nano /etc/nginx/sites-available/default- Insert the following content with correct data for your project
server {
listen 80;
listen [::]:80;
server_name domain.com 0.11.222.333; // your server IP here
return 301 https://domain.com$request_uri;
}server {
listen 443 ssl;
server_name domain.com;
ssl_certificate /var/ssl/yourname.chained.crt;
ssl_certificate_key /var/ssl/yourname.key;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass "http://127.0.0.1:8080";
}
}
- Then save changes, and restart Nginx
sudo systemctl restart nginxSSL is configured, and when you check it in the browser, you will see it is running over HTTPS
Configure Apache with SSL
- Run this two commands on your Ubuntu instance
sudo a2enmod ssl
sudo a2ensite default-ssl- Open default-ssl.conf file to put correct configs
sudo nano /etc/apache2/sites-available/default-ssl.conf- Insert the following content with correct data for your project
<IfModule mod_ssl.c>
<VirtualHost *:80>
ServerName domain.com
ServerAlias www.domain.com
Redirect / https://domain.com/
</VirtualHost>
<VirtualHost _default_:443>
ServerAdmin admin@example.com
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /var/ssl/yourname.crt
SSLCertificateKeyFile /var/ssl/yourname.key
SSLCertificateChainFile /var/ssl/yourname-bundle.crt
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
<Directory /var/www/html>
AllowOverride All
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>- Save configuration and restart apache2
sudo service apache2 restartThat’s it! Your Apache server is now configured with SSL. And when go to your domain or sub-domain(depends on what were you actually configuring) — you’ll see it’s running over HTTPS! Congratulations!
Thank you for reading! Want to get more? Visit oril.co for more articles and helpful information for software developers!
Cheers!
