-
Notifications
You must be signed in to change notification settings - Fork 152
NGINX HTTPS Configuration
aart edited this page Sep 30, 2024
·
1 revision
If you don't have a self-signed certificate, you can create one using the following steps:
Create a self-signed certificate with Certs Maker using the following command:
docker run --rm -it -e CERT_DNS="<YOUR_PUBLIC_IP>" -v $(pwd)/certs:/ssl soulteary/certs-maker
The path to the certificate files is as follows:
ls $(pwd)/certs
Copy the certificate files to the NGINX configuration directory:
sudo mkdir -p /etc/nginx/ssl
sudo cp $(pwd)/certs/<YOUR_PUBLIC_IP>.crt /etc/nginx/ssl/
sudo cp $(pwd)/certs/<YOUR_PUBLIC_IP>.key /etc/nginx/ssl/
Create and edit the site configuration:
sudo nano /etc/nginx/sites-available/openvsx
The site configuration is as follows:
# Handle HTTP requests on port 80
server {
listen 80;
server_name <YOUR_PUBLIC_IP>;
# Redirect all HTTP requests to HTTPS
location / {
return 301 https://$host$request_uri;
}
}
# Handle HTTPS requests on port 443
server {
listen 443 ssl;
server_name <YOUR_PUBLIC_IP>;
ssl_certificate /etc/nginx/ssl/<YOUR_PUBLIC_IP>.crt;
ssl_certificate_key /etc/nginx/ssl/<YOUR_PUBLIC_IP>.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://<YOUR_PUBLIC_IP>:8080;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Create a symbolic link and reload NGINX:
sudo ln -s /etc/nginx/sites-available/openvsx /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
Check and update the configuration:
sudo grep -r '<YOUR_PUBLIC_IP>' /etc/nginx/
sudo mv /etc/nginx/sites-available/<YOUR_PUBLIC_IP>.conf /etc/nginx/sites-available/<YOUR_PUBLIC_IP>.conf.disabled
sudo rm /etc/nginx/sites-enabled/<YOUR_PUBLIC_IP>.conf
sudo ln -s /etc/nginx/sites-available/openvsx /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx