
Install and configure free secure SSL certificate in NGINX web server in Oracle Linux cloud



SSL certificates are used to secure our website and encrypt the details sent to the server.

We will use a free self-signed SSL certificate and configure the SSL certificate using the NGINX web server.

We need an Oracle Linux cloud instance with the NGINX server up and running. This is a prerequisite for this tutorial.

Please refer to the links below to install Oracle Linux and the NGINX server.

https://www.tech4learners.com/2022/01/how-to-create-linux-instance-with-24-gb.html

https://www.tech4learners.net/2022/01/install-nginx-web-server-in-linux-cloud.html

Once your compute instance and NGINX are up and running, proceed with the following steps.

The first step is to create the private key and the public certificate using the openssl command.

The key pair is generated with the RSA algorithm (rsa:2048 in the command below).

Replace <IP_ADDRESS> with the IP address of your Linux instance.

sudo openssl req -new -x509 -days 30 -nodes -newkey rsa:2048 -keyout private.key -out public.crt -subj '/C=US/ST=Ca/L=Sunnydale/CN=<IP_ADDRESS>'




Next, we need to create a 'private' directory under /etc/pki/nginx.

sudo mkdir -p /etc/pki/nginx/private




Copy the private key to the newly created 'private' folder using the below command.

sudo cp private.key /etc/pki/nginx/private




Copy the public certificate (public.crt) to /etc/pki/nginx using the below command.

sudo cp public.crt /etc/pki/nginx/
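
A key that does not belong to the certificate, a certificate close to expiry (this one is valid for only 30 days) and a private key readable by other users are the problems worth ruling out before NGINX is pointed at these files. The script below is an added example, not part of the original tutorial: its function names are hypothetical, and it generates a throwaway pair with the same openssl parameters, using the constructed address 192.0.2.10 in place of <IP_ADDRESS>.

```shell
#!/bin/sh
# Added example: checks on a key/certificate pair before NGINX uses it.

# True when the certificate carries the public key derived from the private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# True when only the owner can read the key (GNU stat, as on Oracle Linux).
key_mode_ok() {
    case "$(stat -c %a "$1")" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Throwaway pair with the tutorial's parameters; 192.0.2.10 is a constructed
# documentation address standing in for <IP_ADDRESS>.
make_demo_pair() {
    openssl req -new -x509 -days 30 -nodes -newkey rsa:2048 \
        -keyout "$1/private.key" -out "$1/public.crt" \
        -subj '/C=US/ST=Ca/L=Sunnydale/CN=192.0.2.10' >/dev/null 2>&1
}

# Run all checks; returns non-zero if any of them fails.
check_pair() {
    rc=0
    cert_matches_key "$1" "$2" || { echo "FAIL: key does not match certificate"; rc=1; }
    cert_valid_for_days "$1" 7 || { echo "FAIL: certificate expires within 7 days"; rc=1; }
    key_mode_ok "$2" || { echo "FAIL: private key is readable by other users"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 and $2 passed all checks"
    return "$rc"
}

demo_dir=$(mktemp -d)
make_demo_pair "$demo_dir"
chmod 600 "$demo_dir/private.key"
check_pair "$demo_dir/public.crt" "$demo_dir/private.key"
rm -rf "$demo_dir"
```

On the server, the same check is `check_pair /etc/pki/nginx/public.crt /etc/pki/nginx/private/private.key`, run with sudo once both files have been copied.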




We need to provide the certificate and private key paths in the nginx.conf file.

The nginx.conf file is located in the /etc/nginx directory.

Open the nginx.conf file using the vim editor.

sudo vim /etc/nginx/nginx.conf




You can see two sets of configurations.

One is for HTTP connections, and another one is for HTTPS connections.

We need to update both.

The HTTPS/TLS connection settings are commented out by default.

Remove the # from each line to uncomment them.

Update the server name using your Linux instance IP.

Update the certificate path in the ssl_certificate parameter.

Update the private key path in the ssl_certificate_key parameter.

Port 443 will be used for HTTPS connections by default.




Next, we need to update the HTTP connection settings.

Update the IP address in the server_name parameter.

Remove the root parameter from the HTTP connection.

Add a new line below the server_name parameter as mentioned below.

return 301 https://$host$request_uri;




Refer to the complete NGINX config file below.


user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  129.154.231.111;
        return 301 https://$host$request_uri;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

# Settings for a TLS enabled server.

    server {
        listen       443 ssl http2 default_server;
        listen       [::]:443 ssl http2 default_server;
        server_name  129.154.231.111;
        root         /usr/share/nginx/html;

        ssl_certificate "/etc/pki/nginx/public.crt";
        ssl_certificate_key "/etc/pki/nginx/private/private.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

}


Now all the required configurations are done.

Next, we need to enable the firewall port for HTTPS connections using the below command.

sudo firewall-cmd --add-service=https --permanent



Reload the firewall setting using the below command.

sudo firewall-cmd --reload



Now all the settings are done.

Restart the NGINX server using the below command.

sudo systemctl restart nginx



Check the status of the NGINX server after the restart.

sudo systemctl status nginx


Now go back to the browser and refresh.

You might get a warning the first time since we are using a self-signed SSL certificate. However, we will not get any warning if we use SSL certificates from vendors.

Click and accept the warning.

Now you can see that the default NGINX web page is loaded over a secure HTTPS connection.


Please post your questions in the comments.

Please click and subscribe to the below channel to see this tutorial in video format.

https://www.youtube.com/channel/UCtzdDJIXhQX6v3-8iXCJWQw?sub_confirmation=1


