Configuring HTTPS
Get the required files
You can get a SSL certificate from a trusted Certificate Authority or generate your own. For self signed certificates the browser will show a warning that the certificate is not trusted. Here's a tutorial for using Let's Encrypt to get a free SSL Certificate
The files required are
- Certificate (usually with extension .crt)
- Decrypted private key
If you have multiple certificates (primary and intermediate), you will have to concatenate them. For example,
cat your_certificate.crt CA.crt >> certificate_bundle.crt
Also make sure that your private key is not world readable. Generally, it is owned and readable only by root
chown root private.key
chmod 600 private.key
Move the two files to an appropriate location
mkdir /etc/nginx/conf.d/ssl
mv private.key /etc/nginx/conf.d/ssl/private.key
mv certificate_bundle.crt /etc/nginx/conf.d/ssl/certificate_bundle.crt
Setup nginx config
Set the paths to the certificate and private key for your site
bench set-ssl-certificate site1.local /etc/nginx/conf.d/ssl/certificate_bundle.crt
bench set-ssl-key site1.local /etc/nginx/conf.d/ssl/private.key
Generate nginx config
bench setup nginx
Reload nginx
sudo service nginx reload
or
systemctl reload nginx # for CentOS 7
Now that you have configured SSL, all HTTP traffic will be redirected to HTTPS