Step by Step Installation Nginx Web Server and OpenSSL HTTPS

7 Comments | Server By · 07/07/2023



Step by Step Installation Nginx Web Server and OpenSSL HTTPS

Step by Step Installation Nginx Web Server and OpenSSL HTTPS

nginx [engine x] is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server, originally written by Igor Sysoev. For a long time, it has been running on many heavily loaded Russian sites including Yandex, Mail.Ru, VK, and Rambler. According to Netcraft, nginx served or proxied 21.21% busiest sites in November 2022. Here are some of the success stories: Dropbox, Netflix, Wordpress.com, FastMail.FM.

The OpenSSL Project develops and maintains the OpenSSL software – a robust, commercial-grade, full-featured toolkit for general-purpose cryptography and secure communication. The project’s technical decision making is managed by the OpenSSL Technical Committee (OTC) and the project governance is managed by the OpenSSL Management Committee (OMC). The project operates under formal Bylaws.

Command Installation Nginx Web Server debian server
—————————————————————————————-
apt install nginx
systemctl status nginx

Step by Step Installation SSL to Nginx
————————————–
[1] Make Self-Signed SSL Certificate
apt install openssl
openssl version
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
openssl dhparam -out /etc/nginx/dhparam.pem 4096

[2] Setup configuration Nginx
1) nano /etc/nginx/snippets/self-signed.conf
then write 2 line script:
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
2) nano /etc/nginx/snippets/ssl-params.conf
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_ecdh_curve secp384r1;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection “1; mode=block”;
3) nano /etc/nginx/sites-available/default
server {
listen 443 ssl;
listen [::]:443 ssl;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;

server_name yourdomain.com www.yourdomain.com;

location / {
try_files $uri $uri/ =404;
}
}
server {
listen 80;
listen [::]:80;
server_name yourdomain.com www.yourdomain.com;
return 302 https://$server_name$request_uri;
}

[3] Configuration Firewall
ufw app list
ufw status
ufw allow ‘Nginx HTTPS’
ufw allow ‘Nginx Full’
ufw delete allow ‘Nginx HTTP’
[4] be Actived change of configuration Nginx SSL
nginx -t
systemctl restart nginx
[5] Testing SSL Https
open browser

Comments are closed.

53GB.COM GPTSTORE CPU Yougpt Gptsio Gpt-store-Nav