Step 1) Install nginx
[root@master ~]# yum install epel-release -y
[root@master ~]# yum install nginx -y
Step 2) Enable nginx.service
[root@master ~]# systemctl enable nginx
Step 3) Start nginx service
[root@master ~]# systemctl start nginx
Step 4) Test http connection
[root@master ~]# curl -Ik http://master
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Sun, 31 Jan 2021 00:22:17 GMT
Content-Type: text/html
Content-Length: 4057
Last-Modified: Mon, 07 Oct 2019 21:16:24 GMT
Connection: keep-alive
ETag: "5d9bab28-fd9"
Accept-Ranges: bytes
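Step 5) Generate a self-signed certificate. Note: -nodes writes the private key without a passphrase, so restrict the directory and key to root (e.g. chmod 700 /etc/nginx/ssl; chmod 600 /etc/nginx/ssl/server.key).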
[root@master ~]# mkdir /etc/nginx/ssl
[root@master ~]# cd /etc/nginx/ssl
[root@master ssl]# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/server.key -out /etc/nginx/ssl/server.crt
Generating a RSA private key
............................................................................................+++++
....................................+++++
writing new private key to '/etc/nginx/ssl/server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:NC
Locality Name (eg, city) [Default City]:Charlotte
Organization Name (eg, company) [Default Company Ltd]:PAVAN, Inc
Organizational Unit Name (eg, section) []:PAVAN
Common Name (eg, your name or your server's hostname) []:master
Email Address []:pavan@abc.com
[root@master ssl]#
Step 6) Configure SSL
Uncomment the SSL configuration section in /etc/nginx/nginx.conf and update it as follows:
# HTTPS virtual host for "master": serves /usr/share/nginx/html over TLS using
# the certificate and key stored under /etc/nginx/ssl.
server {
# Listen on 443 with TLS and HTTP/2 for IPv4 and IPv6; default_server makes this
# block the fallback for requests on this port that match no other server_name.
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name master;
root /usr/share/nginx/html;
# Self-signed certificate: clients cannot validate it unless they are told to
# trust it explicitly.
ssl_certificate "/etc/nginx/ssl/server.crt";
# The key was generated with -nodes, i.e. it is stored unencrypted on disk.
# NOTE(review): keep this file readable by root only.
ssl_certificate_key "/etc/nginx/ssl/server.key";
# Session cache shared between worker processes (zone "SSL", 1 MB); cached
# sessions expire after 10 minutes.
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
# Cipher selection is delegated to the system-wide crypto policy instead of an
# explicit list. No ssl_protocols directive is set in this block.
# NOTE(review): confirm the active policy disables legacy protocol versions.
ssl_ciphers PROFILE=SYSTEM;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
# NOTE(review): error_page refers to /404.html while the location below matches
# /40x.html; confirm which file name is intended.
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
Step 7) http to https redirection
# Plain-HTTP virtual host on port 80 whose only effective job is to redirect
# every request to the HTTPS site.
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name master;
root /usr/share/nginx/html;
# Unconditional permanent redirect, keeping the original path and query string.
# The target host comes from $server_name (the configured name "master"), not
# from the client-supplied Host header, so a request cannot steer the Location
# value to another host.
return 301 https://$server_name$request_uri;
# Because the return above sits at server level and is unconditional, the
# location and error_page directives below are not reached by any request.
# NOTE(review): presumably left over from the default server block.
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
Step 8) Verify the syntax
[root@master ssl]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Step 9) Restart nginx
[root@master ssl]# systemctl restart nginx
Step 10) Test the SSL (https) connection.
[root@master ssl]# curl -Ik http://master
HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.1
Date: Sun, 31 Jan 2021 01:13:09 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: https://master/
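The HTTP request is now redirected to HTTPS (301 with Location: https://master/). This response only demonstrates the redirect; to confirm that TLS itself is working, repeat the request against the HTTPS URL (curl -Ik https://master, where -k skips verification of the self-signed certificate).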
Installation log is available at: https://github.com/pavanbandaru/webserver/blob/main/nginx-install-configure-ssl
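Step 11) You can access the URL from a web browser. Because the certificate is self-signed, the browser will show a trust warning unless the certificate has been added to its trust store.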
https://master