Configure Nginx with a Self-Signed SSL Certificate for a Domain

Here’s a step-by-step guide to configure Nginx with a self-signed SSL certificate for a domain, directing requests to a local service running on port 5006.

1. Create a Self-Signed SSL Certificate

First, you need to create a self-signed SSL certificate for the domain. You can use openssl to generate the certificate and private key.

  1. Generate the SSL Certificate and Private Key:

    sudo mkdir -p /etc/nginx/ssl
    sudo openssl req -newkey rsa:2048 -nodes -keyout /etc/nginx/ssl/yourdomain.key -x509 -days 365 -out /etc/nginx/ssl/yourdomain.crt
    

    Replace yourdomain with your actual domain name (e.g., example.com). While the command runs, you’ll be prompted to provide details for the certificate, such as Country Name, Organization, and so on. You can leave these fields blank if not required.
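
Browsers match a hostname against the certificate's subjectAltName entries, which the interactive command above does not set under a default OpenSSL configuration. The following added example (not part of the original guide) generates the certificate non-interactively with those entries and checks the result; the function names, the output file naming and the sample domain are assumptions, and -addext needs OpenSSL 1.1.1 or later.

```bash
#!/usr/bin/env bash
# Added example, not from the original guide. Function names are hypothetical.

# make_self_signed DOMAIN OUT_DIR
# Writes OUT_DIR/DOMAIN.key and OUT_DIR/DOMAIN.crt without prompting.
make_self_signed() {
    domain="$1"
    out_dir="$2"
    key="$out_dir/$domain.key"
    crt="$out_dir/$domain.crt"

    mkdir -p "$out_dir" || return 1
    # umask 077 keeps the private key unreadable to other users from creation.
    (
        umask 077
        openssl req -newkey rsa:2048 -nodes -x509 -days 365 \
            -keyout "$key" -out "$crt" \
            -subj "/CN=$domain" \
            -addext "subjectAltName=DNS:$domain,DNS:www.$domain"
    ) || return 1
    chmod 600 "$key" && chmod 644 "$crt"
}

# cert_matches_key CRT KEY: true only if the certificate was issued for this key.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# cert_has_san CRT NAME: true only if NAME is listed as a DNS subjectAltName.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | tr ', ' '\n\n' | grep -Fxq "DNS:$2"
}

# Usage (as root, with the directory used in this guide):
#   make_self_signed yourdomain.com /etc/nginx/ssl
# The files are named after the full domain, so point ssl_certificate and
# ssl_certificate_key at the generated names.
```
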

2. Configure Nginx

Now, configure Nginx to use the self-signed SSL certificate and to forward traffic to port 5006.

  1. Edit Nginx Configuration File:

    Open (or create) your domain configuration file in Nginx. Typically, it’s located in /etc/nginx/sites-available/yourdomain:

    sudo nano /etc/nginx/sites-available/yourdomain
    
  2. Add the SSL Configuration and Reverse Proxy Settings:

    Add the following configuration to the file:

    server {
        listen 80;
        server_name yourdomain.com www.yourdomain.com;
    
        # Redirect all HTTP traffic to HTTPS
        return 301 https://$host$request_uri;
    }
    
    server {
        listen 443 ssl;
        server_name yourdomain.com www.yourdomain.com;
    
        # SSL Certificate and Key
        ssl_certificate /etc/nginx/ssl/yourdomain.crt;
        ssl_certificate_key /etc/nginx/ssl/yourdomain.key;
    
        # SSL Settings
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
    
        # Proxy Pass to Local Port 5006
        location / {
            proxy_pass http://127.0.0.1:5006;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
    

    This configuration does the following:

    • Redirects HTTP traffic to HTTPS.
    • Configures SSL on port 443 with the self-signed certificate.
    • Proxies all HTTPS requests to the local server on port 5006.

  3. Enable the Site Configuration:

    Link the configuration file from sites-available to sites-enabled to enable it:

    sudo ln -s /etc/nginx/sites-available/yourdomain /etc/nginx/sites-enabled/
    
  4. Test the Nginx Configuration:

    Test the configuration to ensure there are no syntax errors:

    sudo nginx -t
    
  5. Reload Nginx:

    If the test is successful, reload Nginx to apply the changes:

    sudo systemctl reload nginx
    

3. Verify the Setup

  • Visit https://yourdomain.com in your browser. You should see a warning because the certificate is self-signed.
  • You can proceed to the site, and the requests should be proxied to the service running on port 5006.

Notes:

  • To avoid the certificate warning, either add the certificate as a trusted authority in your browser or, for production environments, obtain a trusted SSL certificate from a Certificate Authority (CA).