SSL/TLS
Self-signed Certificate
This configuration uses a self-signed certificate and should not be considered fully secure.
HTTP Redirect
This configuration will redirect all HTTP requests to use HTTPS instead.
Overview
Nginx can provide TLS offloading for Endrpi, which enables encrypted communication between clients and the server.
Prerequisites
Configuration
1. Generate a self-signed certificate
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
2. Open the Endrpi configuration for editing
sudo nano /etc/nginx/sites-available/endrpi
3. Use the following configuration
# HTTP redirect to HTTPS
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    return 301 https://$host$request_uri;
}

# HTTPS server
server {
    # SSL configuration
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name _;

    location / {
        proxy_pass http://localhost:5000;
    }
}
4. Save changes
Ctrl+O
6. Restart Nginx
sudo systemctl restart nginx
Assuming Endrpi is running, HTTP requests to http://localhost/docs should automatically redirect to the HTTPS route https://localhost/docs.
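A check for the certificate pair from step 1, as an added example that is not part of the original documentation: it confirms that the key matches the certificate, that the certificate (valid for 365 days with the command above) is not about to expire, and that the key file is not readable by group or others. The function names and the `--audit` switch are assumptions made for this example; the paths are the ones used on this page.

```shell
#!/bin/sh
# Added example: sanity checks for the certificate and key generated in step 1.
# Function names and the --audit switch are hypothetical, not part of Endrpi or Nginx.

# True when the certificate's public key is the one derived from the private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# True when subject and issuer are identical, i.e. no CA vouches for the certificate.
is_self_signed() {
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subject" ] && [ "$subject" = "$issuer" ]
}

# True when the certificate is still valid $2 days from now (default 30).
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null
}

# True when group and others have no permission bits on the key file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run every check, report each result, and return the number of failures.
audit_pair() {
    failures=0
    cert_matches_key "$1" "$2" || { echo "FAIL: key does not match certificate"; failures=$((failures + 1)); }
    valid_for_days "$1" 30     || { echo "FAIL: certificate expires within 30 days"; failures=$((failures + 1)); }
    key_is_private "$2"        || { echo "FAIL: key readable by group or others"; failures=$((failures + 1)); }
    is_self_signed "$1"        && echo "NOTE: self-signed, clients will not trust it by default"
    return "$failures"
}

# Audit the paths used on this page when invoked with --audit (run with sudo).
if [ "${1:-}" = "--audit" ]; then
    audit_pair /etc/ssl/certs/nginx-selfsigned.crt /etc/ssl/private/nginx-selfsigned.key
fi
```

Saved under a name of your choice, the script is run as `sudo sh <script> --audit`; an exit status of 0 means all three checks passed.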
Browser errors
Navigating to https://localhost/docs in a browser should prompt a warning indicating the certificate is not trusted, or that the certificate authority is invalid. Self-signed certificates are not trusted by default as they can be generated by anyone.