Install Nginx with HTTPS support on CentOS

Nginx is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Igor Sysoev started development of Nginx in 2002, with the first public release in 2004. Nginx now hosts nearly 12.18% (22.2M) of all domains worldwide. As Netcraft predicted, Nginx now surpasses Microsoft IIS as the second most popular web server.

Nginx is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption. This tutorial will help those who is trying to install Nginx with HTTPS support.

Note: The ssl certification is self generated. Therefore it is not recommended for commercial websites, though it can be used for personal use such as hosting an administration area

Download Nginx and Install It
[bash]
cd
wget http://nginx.org/download/nginx-1.0.11.tar.gz
tar -zxvf nginx-1.0.11.tar.gz
cd nginx-1.0.11
./configure –with-http_ssl_module
make
make install
[/bash]

Now, let us generate a self signed ssl certificate valid for 1 year
[bash]
cd /usr/local/nginx/conf
openssl genrsa -out server.key 1024
openssl req -new -key server.key -out server.csr -subj "/C=ab/ST=cd/L=ef/CN=ghij"
mv server.key server.key.org
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
[/bash]

Final step
Edit nginx configuration

[bash]
nano /usr/local/nginx/conf/nginx.conf
[/bash]

comment out the https section
[code]
server {
listen 443;
server_name localhost;

ssl on;
ssl_certificate server.crt;
ssl_certificate_key server.key;

ssl_session_timeout 5m;

ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

location / {
root html;
index index.html index.htm index.php;
}
}
[/code]

That is fine.
Now you have to restart nginx to take effect

[bash]
cd /usr/local/nginx/sbin/
./nginx -s stop
./nginx
[/bash]

Now you can browser https://serverip

Leave a Reply

Your email address will not be published. Required fields are marked *