RSS

Monthly Archives: May 2019

SSL in DigitalOcean

Goto your server and

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

 

 

  1.  Generate Key and CSR file for request certificate in hosting by using command
    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/example.com.key -out /etc/ssl/certs/example.com.crt
  2. Go to control panel which hosting provide SSL and download
  3. Now you will get 2 files are *.key and *.crt
  4. copy file domainName.key to /etc/ssl/private/
  5. copy file domainName.crt to /etc/ssl/certs/ 
  6. modify file default in sudo nano /etc/nginx/sites-available/default as bellow

server {

        listen 80 default_server;

        listen [::]:80 default_server;

        # SSL configuration

        #

        listen 443 ssl http2 default_server;

        listen [::]:443 ssl http2 default_server;

        #

        # Note: You should disable gzip for SSL traffic.

        # See: https://bugs.debian.org/773332

        #

        # Read up on ssl_ciphers to ensure a secure configuration.

        # See: https://bugs.debian.org/765782

        #

        # Self signed certs generated by the ssl-cert package

        # Don’t use them in a production server!

        #

        # include snippets/snakeoil.conf;

        root /var/www/landing-page;

        # Add index.php to the list if you are using PHP

        index index.html index.htm index.nginx-debian.html;

        server_name domain.com;

        #ssl on;

        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;

        ssl_ciphers         “HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES”;

        ssl_certificate     /etc/ssl/certs/domain.com.crt;

        ssl_certificate_key /etc/ssl/private/domain.com.key;

        location / {

                # First attempt to serve request as file, then

                # as directory, then fall back to displaying a 404.

                try_files $uri $uri/ =404;

        }

}

 

server {

       listen         80;

       server_name    http://www.domain.com;

       return         301 https://$server_name$request_uri;

}

 

Referenced: https://websiteforstudents.com/setup-nginx-http-server-self-signed-ssl-tls-certificates-on-ubuntu-16-04-lts-servers/

https://www.xolphin.com/support/Nginx/Nginx_-_Redirect_HTTP_to_HTTPS

 
Leave a comment

Posted by on May 7, 2019 in Nginx