I've needed to set up SSL on my server and have been putting it off. I've now done it and found it a lot simpler than expected, so for anyone else, here's the process I followed.

I have a dedicated server, and have downloaded a GeoTrust Certificate and Private Key (supplied by my host).

I have uploaded both of these to /etc/nginx/ssl/ (as root).

I added the following to my Nginx default.conf:

server {
  server_name www.example.com;
  listen 443;
  ssl on;
  ssl_certificate /etc/nginx/ssl/www.example.com_ssl_certificate.cer;
  ssl_certificate_key /etc/nginx/ssl/www.example.com_private_key.key;

  location / {
    allow all;

    # Proxy Headers
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-Cluster-Client-Ip $remote_addr;

    # The Important Websocket Bits!
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    proxy_pass http://examplecom;
  }
}

I have opened up port 443 as follows:

firewall-cmd --permanent --zone=public --add-port=443/tcp

And added https service:

firewall-cmd --permanent --zone=public --add-service=https

I can now access the app over https at my domain.

The final issue is setting up the Phoenix web sockets over wss; I will edit this post and add that information as soon as I have it done.

HTH someone.

Centos 7
Nginx 1.10.1
paul h
  • Thanks for your answer. I need just a little more. How to add the self-signed root certificate for localhost to the trusted root ca store in Centos 7/8? – Ariel Dec 03 '19 at 11:01

1 Answer


You need to configure it this way to use it with Nginx:

server {
    listen 80;
    listen 443 ssl;
    server_name www.example.com;

    ssl_certificate_key /etc/letsencrypt/live/api.domain.com/privkey.pem;
    ssl_certificate     /etc/letsencrypt/live/api.domain.com/fullchain.pem;

    error_page 403 404 500 502 503 504 /critical_error.html;

    if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }

    access_log /var/log/nginx/exampleApi-access.log main;
    error_log /var/log/nginx/exampleApi-error.log;

    location / {
        proxy_pass http://yourip:port;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

It will work for sure; you should try this.

rahul
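A small linter for the directives both configs above rely on, added here as an example (it is not code from either post): it checks for a TLS listener on 443, the certificate pair, the three proxy lines nginx needs to pass a WebSocket upgrade, and the http-to-https redirect used in the answer. The function names, the sample block and its paths and backend address are assumptions, and the text is treated as a single server block.

```python
import re

def parse_directives(conf):
    """Split an nginx config into (name, [args]) pairs; '#' comments are dropped."""
    text = re.sub(r"#[^\n]*", "", conf)
    pairs = []
    for stmt in re.split(r"[;{}]", text):
        words = stmt.split()
        if words:
            pairs.append((words[0], [w.strip("'\"").lower() for w in words[1:]]))
    return pairs

def audit_wss_proxy(conf):
    """List what is missing for https and wss to work through this server block."""
    d = parse_directives(conf)
    def has(name, *args):
        return any(n == name and a[:len(args)] == list(args) for n, a in d)
    ports = {a[0].split(":")[-1]: a[1:] for n, a in d if n == "listen" and a}
    problems = ["missing " + n for n in ("ssl_certificate", "ssl_certificate_key") if not has(n)]
    # TLS on 443: 'listen 443 ssl', or the older 'listen 443' plus 'ssl on'
    if "443" not in ports or not ("ssl" in ports["443"] or has("ssl", "on")):
        problems.append("no TLS listener on 443")
    # WebSocket handshake: HTTP/1.1 to the backend plus the two upgrade headers
    if not has("proxy_http_version", "1.1"):
        problems.append("proxy_http_version 1.1 not set")
    if not has("proxy_set_header", "upgrade", "$http_upgrade"):
        problems.append("Upgrade header not forwarded")
    if not has("proxy_set_header", "connection", "upgrade"):
        problems.append("Connection upgrade header not forwarded")
    # Plain HTTP should only redirect clients to https
    redirects = any(n == "return" and any(x.startswith("https://") for x in a) for n, a in d)
    if "80" in ports and not redirects:
        problems.append("port 80 served without redirect to https")
    return problems

# Constructed sample (paths and backend address are placeholders): no Upgrade line, no redirect.
SAMPLE_BROKEN = """server {
  listen 80;
  listen 443 ssl;
  ssl_certificate /etc/nginx/ssl/example.cer;
  ssl_certificate_key /etc/nginx/ssl/example.key;
  location / {
    proxy_http_version 1.1;
    proxy_set_header Connection "upgrade";
    proxy_pass http://127.0.0.1:4000;
  }
}"""

if __name__ == "__main__":
    print(audit_wss_proxy(SAMPLE_BROKEN))
```

An empty list means every check passed; the linter only inspects the text and does not replace `nginx -t`.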