experimental » certificate http://www.tajidyakub.com Experience the Experiment Sat, 10 Oct 2009 19:32:38 +0000 en hourly 1 HTTPS, SSL and Nginx http://www.tajidyakub.com/web-servers/https-ssl-and-nginx-2008-07-27.html http://www.tajidyakub.com/web-servers/https-ssl-and-nginx-2008-07-27.html#comments Sat, 26 Jul 2008 18:37:15 +0000 Tajid Yakub http://tajidyakub.com/?p=15 Say you want to run https port on nginx using a self signed SSL Certificate, this article summarized the steps. First we create the SSL Key, CSR (Certificate Signing Request) and CRT (SSL Certificate) and Configure nginx to answer the request from SSL port.

These are the original articles;

http://rubyjudo.com/2006/11/2/nginx-ssl-rails
http://articles.slicehost.com/2007/12/19/ubuntu-gutsy-self-signed-ssl-certificates-and-nginx
http://blog.skateinmars.net/post/2007/11/01/phpMyAdmin-and-HTTPS-on-nginx

The aim is to run phpMyAdmin in secured mode served by nginx.

Create Keys and Certificates

Make a temp directory and remove it later after the setup succeed.

mkdir /home/username/temp
cd /home/username/temp

Create the private key, it will require a passphrase (it will be removed later on)

openssl genrsa -des3 -out pma.key 1024

Create the CSR (Certificate Signing Request), and enter the information required;

openssl req -new -key pma.key -out pma.csr

Then we remove the passphrase entered earlier when we create the key, if not, the box will ask us to enter the passphrase on every reboot.

cp pma.key pma.key.org
openssl rsa -in pma.key.org -out pma.key

Afterward, the digital certificate itself

openssl x509 -req -days 365 -in pma.csr -signkey pma.key -out pma.crt

The last thing is to put the files in the right place, to be called later by nginx, the final directory will depend on your config, in my case I want to put it inside nginx directory.

mkdir /usr/local/nginx/cert
cp pma.crt pma.key /usr/local/nginx/cert

Feel free to delete the temporary directory created for this purpose, or you might want to wait until your setup is done.

Nginx Virtual Host HTTPS

This is my final setup on phpMyAdmin subdomain (only the server part), I really can’t explain anything for now :), I just now it worked.

server {
listen pma.yourdomain.com:443;
client_max_body_size 10M;
index index.php;
server_name pma.yourdomain.com;
root /var/www/pma.yourdomain.com;

ssl on;
ssl_certificate /usr/local/nginx/certs/pma.crt;
ssl_certificate_key /usr/local/nginx/certs/pma.key;

location / {
proxy_set_header X_FORWARDED_PROTO https;
proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect false;
proxy_max_temp_file_size 0;
}

location ~ .php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param HTTPS on;
include /usr/local/nginx/conf/fastcgi_params;

}

}
]]> http://www.tajidyakub.com/web-servers/https-ssl-and-nginx-2008-07-27.html/feed 0