
Install and configure free secure SSL certificate in NGINX web server in Oracle Linux cloud



SSL certificates are used to secure our website and encrypt the details sent to the server.

We will use a free self-signed SSL certificate and configure the SSL certificate using the NGINX web server.

An Oracle Linux cloud instance with the NGINX server up and running is a prerequisite for this tutorial.

Please refer to the links below to install Oracle Linux and the NGINX server.

https://www.tech4learners.com/2022/01/how-to-create-linux-instance-with-24-gb.html

https://www.tech4learners.net/2022/01/install-nginx-web-server-in-linux-cloud.html

Once your compute instance and NGINX are up and running, proceed with the following steps.

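The first step is to create the private key and the public certificate using the openssl command.

We are using RSA with a 2048-bit key. The -days 30 option makes the certificate valid for 30 days, and -nodes leaves the private key unencrypted on disk so that NGINX can read it without a passphrase.

Replace <IP_ADDRESS> with the IP address of your Linux instance.

sudo openssl req -new -x509 -days 30 -nodes -newkey rsa:2048 -keyout private.key -out public.crt -subj '/C=US/ST=Ca/L=Sunnydale/CN=<IP_ADDRESS>'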




Next, we need to create a 'private' directory under /etc/pki/nginx.

sudo mkdir -p /etc/pki/nginx/private




Copy the private key to the newly created 'private' folder using the below command.

sudo cp private.key /etc/pki/nginx/private




Copy the public key to the location /etc/pki/nginx using the below command.

sudo cp public.crt /etc/pki/nginx/
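
The generation and copy steps above can be checked before NGINX is touched. The following is an added example, not part of the original tutorial: it repeats the tutorial's openssl command with a subjectAltName entry for the IP, then verifies that the certificate and key belong together and that the key is readable by its owner only. The function names and the address 192.0.2.10 are assumptions, and -addext needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example; function names and sample values are assumptions.

# Generate the key pair as in the tutorial, plus a subjectAltName for the IP.
# Browsers match the address against the SAN, not the CN. Needs OpenSSL 1.1.1+.
make_selfsigned() {   # usage: make_selfsigned <out_dir> <ip_address>
    openssl req -new -x509 -days 30 -nodes -newkey rsa:2048 \
        -keyout "$1/private.key" -out "$1/public.crt" \
        -subj "/C=US/ST=Ca/L=Sunnydale/CN=$2" \
        -addext "subjectAltName=IP:$2" &&
    chmod 600 "$1/private.key"   # owner read/write only
}

# Succeed only if the certificate's public key equals the one derived
# from the private key, i.e. the two files belong together.
cert_matches_key() {  # usage: cert_matches_key <cert> <key>
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeed only if the certificate lists exactly this IP as a SAN entry.
cert_has_ip_san() {   # usage: cert_has_ip_san <cert> <ip_address>
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        tr -d ' ' | tr ',' '\n' | grep -Fxq "IPAddress:$2"
}

# Succeed only if group and others have no permissions on the key file.
key_is_owner_only() { # usage: key_is_owner_only <key>
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Usage before copying the files into /etc/pki/nginx (192.0.2.10 is a
# documentation address, replace it with your instance IP):
#   make_selfsigned . 192.0.2.10 &&
#   cert_matches_key public.crt private.key &&
#   cert_has_ip_san public.crt 192.0.2.10 &&
#   key_is_owner_only private.key && echo "ready to install"
```

A certificate created with only CN=<IP_ADDRESS>, as in the command earlier on this page, fails the cert_has_ip_san check.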




We need to provide the certificate and private key paths in the nginx.conf file.

The nginx.conf file is located in the /etc/nginx folder.

Open the nginx.conf file using the vim editor.

sudo vim /etc/nginx/nginx.conf




You can see two sets of configurations.

One is for HTTP connections, and another one is for HTTPS connections.

We need to update both.

The HTTPS/TLS connection settings are commented out by default.

Remove the leading # from each of those lines to uncomment them.

Update the server name using your Linux instance IP.

Update the public key name in the ssl_certificate parameter.

Update the private key name in the ssl_certificate_key parameter.

Port 443 will be used for HTTPS connections by default.




Next, we need to update the HTTP connection settings.

Update the IP address in the server_name parameter.

Remove the root parameter from the HTTP connection.

Add a new line below the server_name parameter as mentioned below.

return 301 https://$host$request_uri;




Refer to the complete NGINX config file below.


user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  129.154.231.111;
        return 301 https://$host$request_uri;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

# Settings for a TLS enabled server.

    server {
        listen       443 ssl http2 default_server;
        listen       [::]:443 ssl http2 default_server;
        server_name  129.154.231.111;
        root         /usr/share/nginx/html;

        ssl_certificate "/etc/pki/nginx/public.crt";
        ssl_certificate_key "/etc/pki/nginx/private/private.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

}


Now all the required configurations are done.

Next, we need to enable the firewall port for HTTPS connections using the below command.

sudo firewall-cmd --add-service=https --permanent



Reload the firewall setting using the below command.

sudo firewall-cmd --reload



Now all the settings are done.

Restart the NGINX server using the below command.

sudo systemctl restart nginx



Check the status of the NGINX server after the restart.

sudo systemctl status nginx


Now go back to the browser and refresh.

You might get a warning the first time since we are using a self-signed SSL certificate. However, we will not get any warning if we use SSL certificates from vendors.

Click and accept the warning.

Now you can see the default NGINX web page is loaded and connected using a secure HTTPS method.

Please post your questions in the comments.

Please click and subscribe to the below channel to see this tutorial in video format.

https://www.youtube.com/channel/UCtzdDJIXhQX6v3-8iXCJWQw?sub_confirmation=1


