How to set up TLS certificates for a domain with nginx
You can do that with certbot and obtain Let’s Encrypt certificates, but here I assume you’ve obtained the certificates in a zip archive.
mv file.crt /etc/pki/tls/certs/file.crt
chown root:root /etc/pki/tls/certs/file.crt
mv file.key /etc/pki/tls/private/file.key
chown root:root /etc/pki/tls/private/file.key
Add these lines into the proper nginx config (for your domain):
ssl_certificate "/etc/pki/tls/certs/file.crt";
ssl_certificate_key "/etc/pki/tls/private/file.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers PROFILE=SYSTEM;
ssl_prefer_server_ciphers on;
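Due to SELinux, you need to restore the security context of the moved files (mv keeps the context they had in their original location), then restart nginx: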
restorecon -v -R /etc/pki/tls/certs
restorecon -v -R /etc/pki/tls/private
systemctl restart nginx.service
Now your domain should be working properly via https.
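If nginx refuses to start after the restart, a mismatched certificate/key pair is a common cause. The script below is an added example, not part of the original note: it checks that the key is not readable by group or others, that the certificate and key carry the same public key, and that the certificate has not expired. The function names are this example's own, and the permission check is an extra hardening check beyond the chown steps above.

```sh
#!/bin/sh
# Added example: pre-flight checks to run before "systemctl restart nginx.service".
# Function names are this example's own; the paths in the usage line are the page's.

# Succeeds only if the file grants no permissions to group or others.
key_mode_is_private() {
    perms=$(ls -ld -- "$1") || return 2
    [ "$(printf '%s' "$perms" | cut -c5-10)" = "------" ]
}

# Prints the SHA-256 of the public key held in a certificate ($1=cert) or key ($1=key).
pubkey_digest() {
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        # -passin pass: makes an encrypted key fail instead of prompting.
        key)  pem=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    # An unreadable or malformed file must not hash as "empty == empty".
    [ -n "$pem" ] || return 2
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only if certificate $1 and private key $2 carry the same public key.
cert_matches_key() {
    c=$(pubkey_digest cert "$1") || return 2
    k=$(pubkey_digest key "$2") || return 2
    [ "$c" = "$k" ]
}

# Runs all checks on certificate $1 and key $2; prints the first failure to stderr.
preflight() {
    key_mode_is_private "$2" || { echo "key readable by group/others: $2" >&2; return 1; }
    cert_matches_key "$1" "$2" || { echo "certificate and key do not match" >&2; return 1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired: $1" >&2; return 1; }
}

# Usage (as root):
#   preflight /etc/pki/tls/certs/file.crt /etc/pki/tls/private/file.key \
#     && nginx -t && systemctl restart nginx.service
```

If the permission check fails, `chmod 600` on the key file fixes it.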
If you want to redirect all HTTP traffic to HTTPS, put these lines into the appropriate nginx config:
server {
    listen 80;
    server_name your.domain.com;
    return 301 https://$server_name$request_uri;
}
80 is the port for HTTP, and a 301 redirect is a clear way of redirecting the traffic.
See the official how-to.
published: 2023-03-14
last modified: 2023-03-20
https://vit.baisa.cz/notes/code/setup-tls-certificate-nginx/