AWS Solutions

June 7, 2024

Step-by-Step Guide to Set Up Nginx and SSL

1. Install Nginx

If you haven't already installed Nginx, you can do so by running the following commands:

sudo apt update
sudo apt install nginx

2. Verify Firewall Settings

Ensure that your firewall allows HTTP (80) and HTTPS (443) traffic. You can allow the 'Nginx Full' ufw profile, which opens both ports:

sudo ufw allow 'Nginx Full'

3. Install Certbot

Certbot is available in the default Ubuntu repositories. Install it using the following command:

sudo apt install certbot python3-certbot-nginx

4. Generate a Self-Signed SSL Certificate

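You can generate a self-signed SSL certificate using OpenSSL. Run the following command; it prompts for the certificate subject fields, and the -nodes option leaves the private key unencrypted so that Nginx can load it without a passphrase: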

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/selfsigned.key -out /etc/ssl/certs/selfsigned.crt
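
A non-interactive variant of the command above, as an added example that is not part of the original guide: clients match an IP address, such as the 13.235.128.88 used for server_name later in this guide, only against the certificate's subjectAltName, and the prompted command adds none. The function names are hypothetical, and the script assumes OpenSSL 1.1.1 or later (for -addext) and GNU stat.

```bash
#!/usr/bin/env bash
# Added example, not part of the original guide.
# Assumes OpenSSL 1.1.1 or later (for -addext) and GNU stat.

# make_selfsigned <ip> <key_path> <crt_path>
# Generates the key and a self-signed certificate without prompting.
make_selfsigned() {
    local ip="$1" key="$2" crt="$3"
    # umask 077 in a subshell: the key is never readable by group or others,
    # not even between creation and a later chmod.
    ( umask 077
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
          -subj "/CN=${ip}" \
          -addext "subjectAltName=IP:${ip}" \
          -keyout "$key" -out "$crt" ) || return 1
    chmod 644 "$crt"   # the certificate itself is public
}

# cert_has_ip_san <crt> <ip>: succeeds if <ip> is listed as a subjectAltName.
cert_has_ip_san() {
    openssl x509 -in "$1" -noout -text | grep -qF "IP Address:$2"
}

# key_matches_cert <key> <crt>: succeeds if both carry the same public key.
key_matches_cert() {
    local from_key from_crt
    from_key=$(openssl pkey -in "$1" -pubout) || return 1
    from_crt=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_crt" ]
}

# key_is_private <key>: succeeds if only the owner has access (mode 600).
key_is_private() {
    [ "$(stat -c '%a' "$1")" = "600" ]
}

# Usage with the guide's paths and address (run as root):
#   make_selfsigned 13.235.128.88 \
#       /etc/ssl/private/selfsigned.key /etc/ssl/certs/selfsigned.crt
#   cert_has_ip_san /etc/ssl/certs/selfsigned.crt 13.235.128.88 && echo "SAN ok"
```

Running the three checks before pointing ssl_certificate and ssl_certificate_key at the files catches a mismatched key or a missing SAN that nginx -t alone would not report.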

5. Test Nginx Configuration

After configuring Nginx, it's essential to test the configuration for any syntax errors:

sudo nginx -t

If there are no errors, reload Nginx:

sudo systemctl reload nginx

6. Edit Nginx Configuration

Next, edit your Nginx configuration file to remove the reference to options-ssl-nginx.conf. The configuration file is typically /etc/nginx/sites-enabled/default, but the location might differ based on your setup. Open the file for editing:

sudo nano /etc/nginx/sites-enabled/default

Configuration Example:

server {
    listen 443 ssl;
    server_name 13.235.128.88;

    ssl_certificate /etc/ssl/certs/selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/selfsigned.key;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'HIGH:!aNULL:!MD5';

    location / {
        proxy_pass http://127.0.0.1:4001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Updated Configuration:

server {
    listen 443 ssl;
    server_name 13.235.128.88;

    ssl_certificate /etc/ssl/certs/selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/selfsigned.key;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    location / {
        proxy_pass http://127.0.0.1:4001;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

7. Test Nginx Configuration

Before restarting Nginx, it's good practice to test the configuration for syntax errors:

sudo nginx -t

8. Restart Nginx

If the configuration test is successful, restart Nginx to apply the changes:

sudo systemctl restart nginx

9. Install pm2 Globally

Once you have Node.js and npm installed, you can install pm2 globally by running the following command:

npm install -g pm2
# If the global npm directory is owned by root, run the install with sudo instead:
sudo npm install -g pm2