Skip to content


Self-signed Certificate

This configuration uses a self-signed certificate and should not be considered fully secure.

HTTP Redirect

This configuration will redirect all HTTP requests to use HTTPS instead.


Nginx can provide TLS Offloading for Endrpi which enables encrypted communication.


  1. Installing Nginx
  2. Reverse Proxy


1. Generate a self-signed certificate#
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
2. Open the Endrpi configuration for editing#
sudo nano /etc/nginx/sites-available/endrpi
3. Use the following configuration#
# HTTP redirect to HTTPS
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    return 301 https://$host$request_uri;

# HTTPS server
server {
    # SSL configuration
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;

    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

    root /var/www/html;

    index index.html index.htm index.nginx-debian.html;

    server_name _;

    location / {
        proxy_pass http://localhost:5000;

4. Save changes#


6. Restart Nginx#
sudo systemctl restart nginx

Assuming Endrpi is running, HTTP requests to http://localhost/docs should automatically redirect to the HTTPS route https://localhost/docs .

Browser errors#

Navigating to https://localhost/docs in a browser should prompt a warning indicating the certificate is not trusted, or that the certificate authority is invalid. Self-signed certificates are not trusted by default as they can be generated by anyone.


  1. Certificates for localhost [Last accessed 03/20/2021]

  2. How To Create a Self-Signed SSL Certificate for Nginx in Ubuntu 18.04 [Last accessed 03/20/2021]

  3. Self-signed certificate [Last accessed 03/20/2021]

  4. SSL/TLS Offloading, Encryption, and Certificates with NGINX and NGINX Plus [Last accessed 03/20/2021]