How do I install SSL certificate on NGINX Webserver. NGINX is most popular for hosting rails applications as well as used for fast http server for serving streaming videos and images.
Here are the steps to install Godaddy SSL certificate on Nginx server.
First you need to concatenate the both certificate and godaddy CA budle file in to a single file. See the command shown below,
[root@ph-web01 ssl]# ls
gd_bundle-g2-g1.crt www.mydomain.com.crt www.mydomain.com.key
[root@ph-web01 ssl]# cat www.mydomain.com.crt gd_bundle-g2-g1.crt > www.mydomain.com_new.crt
[root@ph-web01 ssl]# ls
gd_bundle-g2-g1.crt www.mydomain.com.crt www.mydomain.com.key www.mydomain.com_new.crt
[root@ph-web01 ssl]#
gd_bundle-g2-g1.crt www.mydomain.com.crt www.mydomain.com.key
[root@ph-web01 ssl]# cat www.mydomain.com.crt gd_bundle-g2-g1.crt > www.mydomain.com_new.crt
[root@ph-web01 ssl]# ls
gd_bundle-g2-g1.crt www.mydomain.com.crt www.mydomain.com.key www.mydomain.com_new.crt
[root@ph-web01 ssl]#
Next you need to copy the existing virtual host entries and create new one for SSL area. Here is my Rails hosting area supported for SSL.
server {
listen 443 ssl;
server_name mydomain.com;
ssl on;
ssl_certificate /opt/nginx/ssl/www.mydomain.com_new.crt;
ssl_certificate_key /opt/nginx/ssl/www.mydomain.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
root /home/domain/public_html/public;
index index.html index.htm;
passenger_enabled on;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
listen 443 ssl;
server_name mydomain.com;
ssl on;
ssl_certificate /opt/nginx/ssl/www.mydomain.com_new.crt;
ssl_certificate_key /opt/nginx/ssl/www.mydomain.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
root /home/domain/public_html/public;
index index.html index.htm;
passenger_enabled on;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
Restart ngnix server to check the SSL installation
Leave a Reply