1. Install Nginx HTTP Web Server
If you don’t already have Nginx HTTP Server installed, the commands below can help you install it on Ubuntu 16.04 or 18.04… Just copy and paste each line and run it.
sudo apt update sudo apt install nginx
2. Creating Self-signed Certificates
run the commands below to generate the server private key as well as the self-signed SSL/TLS certificate for the example.com domain… you’ll be using.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/example.com.key -out /etc/ssl/certs/example.com.crt
After running the commands above, you’ll be prompted to answer few questions about the certificate you’re generating… answer them and complete the process.
. ----- Country Name (2 letter code) [AU]:FR State or Province Name (full name) [Some-State]:Paris Locality Name (eg, city) :Brookly Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example Company Organizational Unit Name (eg, section) :SSL Unit Common Name (e.g. server FQDN or YOUR name) :example.com Email Address :firstname.lastname@example.org Please enter the following 'extra' attributes to be sent with your certificate request A challenge password : LEAVE BLANK
Finally the private key file will be stored in /etc/ssl/private/ folder called example.com.key and the certificate file stored in /etc/ssl/certs/ folder called example.com.crt as defined on the command line above.
3. Installing the certificates
After generating the certificate, the next step will be to configure it on Nginx server configuration. To do that, open Nginx config file and add the highlighted lines below…
sudo nano /etc/nginx/sites-available/default
Then reference the certificate files in Nginx configuration as shown below:
Uncomment these lines :
listen 443 ssl default_server; listen [::]:443 ssl default_server; ssl on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
And add the following two lines :
ssl_certificate /etc/ssl/certs/example.com.crt; ssl_certificate_key /etc/ssl/private/example.com.key;
Save the file and close out.
After making the changes above, run the commands below to test your settings.
sudo nginx -t
If you don’t see any error messages then you’re good. Restart nginx web server by running the commands below.
sudo systemctl restart nginx
And finnaly you can browse to the server domain using https in your browser and you’ll get a certificate warning because it’s a self-signed.