INTRODUCTION
NGINX
NGINX, an open source, high-performance HTTP server, reverse proxy, and IMAP/POP3 proxy server, has gained popularity as a load balancer.
OpenSSL
OpenSSL is a general purpose cryptography library that provides an open source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. OpenSSL used to generate self-signed certificates which can be used for testing purposes or internal usage. The first step is to create your RSA Private Key. This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text.
====================================================
Step-1):- Install ngnix first : //if you had already install then ignore this step
$ sudo apt-get install nginx
Step-2):- Install and generate openSSL certificate : –
a.) Install openSSL : –
$ sudo apt-get install openssl
// To check weather it is install or not, type “which openssl” on terminal if you get “/usr/bin/openssl” then openSSL is install successfully
b.) Generate SSL certificate at /etc/ssl :-
$ cd /etc/ssl $ sudo openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 $ sudo openssl rsa -passin pass:x -in server.pass.key -out server.key $ sudo rm server.pass.key $ sudo openssl req -new -key server.key -out server.csr //fill details of ssl $ sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Step-3):- Add following line to sites-available of Nginx: –
$ sudo nano /etc/nginx/sites-available/default
server { listen 80; server_name YOUR_SERVER_DOMAIN_NAME_OR_IP; return 301 https: //$host$request_uri; } server { listen 8080; listen 443 ssl; server_name YOUR_SERVER_DOMAIN_NAME_OR_IP; ssl_certificate /etc/ssl/server.crt; ssl_certificate_key /etc/ssl/server.key; ssl_session_timeout 5 m; ssl_protocols SSLv3 TLSv1 TLSv1 .1 TLSv1 .2; ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES"; ssl_prefer_server_ciphers on; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; location / { proxy_pass http://localhost:3000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } }
Step-4):- Save and restart Nginx –
$ sudo service nginx restart
====================================================
Reference : –