Say you want to run https port on nginx using a self signed SSL Certificate, this article summarized the steps. First we create the SSL Key, CSR (Certificate Signing Request) and CRT (SSL Certificate) and Configure nginx to answer the request from SSL port.
These are the original articles;
http://rubyjudo.com/2006/11/2/nginx-ssl-rails
http://articles.slicehost.com/2007/12/19/ubuntu-gutsy-self-signed-ssl-certificates-and-nginx
http://blog.skateinmars.net/post/2007/11/01/phpMyAdmin-and-HTTPS-on-nginx
The aim is to run phpMyAdmin in secured mode served by nginx.
Create Keys and Certificates
Make a temp directory and remove it later after the setup succeed.
mkdir /home/username/temp
cd /home/username/temp
Create the private key, it will require a passphrase (it will be removed later on)
openssl genrsa -des3 -out pma.key 1024
Create the CSR (Certificate Signing Request), and enter the information required;
openssl req -new -key pma.key -out pma.csr
Then we remove the passphrase entered earlier when we create the key, if not, the box will ask us to enter the passphrase on every reboot.
cp pma.key pma.key.org
openssl rsa -in pma.key.org -out pma.key
Afterward, the digital certificate itself
openssl x509 -req -days 365 -in pma.csr -signkey pma.key -out pma.crt
The last thing is to put the files in the right place, to be called later by nginx, the final directory will depend on your config, in my case I want to put it inside nginx directory.
mkdir /usr/local/nginx/cert
cp pma.crt pma.key /usr/local/nginx/cert
Feel free to delete the temporary directory created for this purpose, or you might want to wait until your setup is done.
Nginx Virtual Host HTTPS
This is my final setup on phpMyAdmin subdomain (only the server part), I really can’t explain anything for now :), I just now it worked.
server {
listen pma.yourdomain.com:443;
client_max_body_size 10M;
index index.php;
server_name pma.yourdomain.com;
root /var/www/pma.yourdomain.com;
ssl on;
ssl_certificate /usr/local/nginx/certs/pma.crt;
ssl_certificate_key /usr/local/nginx/certs/pma.key;
location / {
proxy_set_header X_FORWARDED_PROTO https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect false;
proxy_max_temp_file_size 0;
}
location ~ .php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param HTTPS on;
include /usr/local/nginx/conf/fastcgi_params;
}
}
HTTPS, SSL and Nginx
Say you want to run https port on nginx using a self signed SSL Certificate, this article summarized the steps. First we create the SSL Key, CSR (Certificate Signing Request) and CRT (SSL Certificate) and Configure nginx to answer the request from SSL port.
These are the original articles;
http://rubyjudo.com/2006/11/2/nginx-ssl-rails
http://articles.slicehost.com/2007/12/19/ubuntu-gutsy-self-signed-ssl-certificates-and-nginx
http://blog.skateinmars.net/post/2007/11/01/phpMyAdmin-and-HTTPS-on-nginx
The aim is to run phpMyAdmin in secured mode served by nginx.
Create Keys and Certificates
Make a temp directory and remove it later after the setup succeed.
Create the private key, it will require a passphrase (it will be removed later on)
Create the CSR (Certificate Signing Request), and enter the information required;
Then we remove the passphrase entered earlier when we create the key, if not, the box will ask us to enter the passphrase on every reboot.
Afterward, the digital certificate itself
The last thing is to put the files in the right place, to be called later by nginx, the final directory will depend on your config, in my case I want to put it inside nginx directory.
Feel free to delete the temporary directory created for this purpose, or you might want to wait until your setup is done.
Nginx Virtual Host HTTPS
This is my final setup on phpMyAdmin subdomain (only the server part), I really can’t explain anything for now :), I just now it worked.
server { listen pma.yourdomain.com:443; client_max_body_size 10M; index index.php; server_name pma.yourdomain.com; root /var/www/pma.yourdomain.com; ssl on; ssl_certificate /usr/local/nginx/certs/pma.crt; ssl_certificate_key /usr/local/nginx/certs/pma.key; location / { proxy_set_header X_FORWARDED_PROTO https; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_redirect false; proxy_max_temp_file_size 0; } location ~ .php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param HTTPS on; include /usr/local/nginx/conf/fastcgi_params; } }