Install Nginx Server with SSL
Install nginx
sudo apt install nginx
sudo systemctl reload nginx.service
sudo systemctl enable nginx
sudo systemctl start nginx
sudo systemctl status nginx
sudo nginx -s reload
SSL Certificate
In the previous exercise, we generated a self-signed or Let's Encrypt certificate; alternatively, the certificate can be converted from a PFX file with the commands below. After this step, you should have a certificate (server.crt) and a certificate key (server.key).
# Extract the encrypted private key
openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]
# Extract the certificate (it carries the public key)
openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]
# Convert the encrypted key to an unencrypted key
openssl rsa -in [keyfile-encrypted.key] -out [keyfile-decrypted.key]
Add SSL config in the nginx config file
# nginx.conf
# Settings for a TLS enabled server.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name _;
    root /usr/share/nginx/html;

    ssl_certificate "/home/ec2-user/certificates/server.crt";
    ssl_certificate_key "/home/ec2-user/certificates/server.key";

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    error_page 404 /404.html;
    location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
# Reload after the configuration change
sudo systemctl reload nginx
sudo systemctl status nginx
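
A check worth running on server.crt and server.key before the reload, given as an added example that is not part of the original page: it confirms that the certificate and the unencrypted key share the same public key and that the key file is not readable by group or others. It assumes Linux with OpenSSL and GNU `stat`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): pre-reload checks for the
# certificate/key pair that nginx.conf points at. Assumes Linux with
# OpenSSL and GNU coreutils `stat`; function names are hypothetical.

# Return 0 if the certificate and private key share one public key,
# 1 on a mismatch, 2 if either file is unreadable, unparsable, or the
# key is still passphrase-protected.
check_pair() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # -passin pass: supplies an empty passphrase so openssl never prompts.
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 1
}

# Return 0 if the key file grants nothing to group or others (e.g. 600),
# 1 if it does, 2 if the file cannot be inspected.
key_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Run both checks and report; returns non-zero on the first failure.
preflight() {
    check_pair "$1" "$2" || { echo "FAIL: $1 and $2 do not match or cannot be read" >&2; return 1; }
    key_is_private "$2" || { echo "FAIL: $2 is accessible to group/others" >&2; return 1; }
    echo "OK: certificate and key match; key permissions are restrictive"
}

# Usage: sh preflight.sh /path/to/server.crt /path/to/server.key
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

Pair it with `sudo nginx -t`, which validates the configuration file itself before the reload.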