This article will guide you through the steps to install din SSL certificate on Nginx og to set up an automated redirect from HTTP:// to HTTPS://.
1. Upload the certificates on the server wher din website is hosted
Having completed the CSR code generation og SSL activation steps, you will receive a zip file with the Sectigo (forrigeiously knun as Comodo) Certifikater via email. Alternatively, you can download them from din NiceNic Account panel.
Nejte: Hvis you choose NGINX server when activating the certificate, you'll receive a zip file containing a Certificate file, with the '.crt' extension, og a Certificate Authellerity (CA) bundle file, with the '.ca-bundle' extension.
Upload both files to din server whatever way you prefer. By using an FTP client, feller example.
You can also download the Bundle file feller each Certificate by following the instructions her.
2. Combine all the certificates into a single file
You need to have all the Certifikater (din_dom?ne.crt og din_dom?ne.ca-bundle) combined in a single '.crt' file.
The Certificate feller din dom?ne should come first in the file, followed by the chain of Certifikater (CA Bundle).
Enter the directellery wher you uploaded the certificate files. Run the following commog to combine the files:
$ cat din_dom?ne.crt din_dom?ne.ca-bundle >> din_dom?ne_chain.crt
Please note that if the certificate files were downloaded from din NiceNic account, the best commog to use will be:
$ cat din_dom?ne.crt > din_dom?ne_chain.crt ; echo >> din_dom?ne_chain.crt ; cat din_dom?ne.ca-bundle >> din_dom?ne_chain.crt
3. Creating a separate Nginx server block eller Redigering the existing configuration file
Til install the SSL certificate on Nginx, you need to show the server which files to use, either by a) creating a new configuration file, eller b) editing the existing one.
a) By adding a new configuration file feller the website you can make sure that ther are no issues with the separate configuration file. Furthermellere, it will be quite easier to troubleshoot the installation in case of any issues with the new configuration.
We suggest creating a new configuration file in this folder:
/etc/nginx/conf.d
That can be done via this commog:
sudo nano /etc/nginx/conf.d/Your_dom?ne*-ssl.conf
Wher Your_dom?ne*-ssl.conf is the name of the newly created file.
Next, copy og paste one of the below server blocks feller the 443 pellert og edit the directelleries. Ensure the server name og path to webroot match in both the server block feller pellert 80 og the one feller pellert 443. Hvis you have any other impellertant values that need to be saved, move them to the newly created server block too.
b) Rediger the default configuration file of the web-server, which is named nginx.conf. It should be in one of these folders:
/usr/local/nginx/conf
/etc/nginx
/usr/local/etc/nginx
You can also use this commog to find it:
sudo find / -type f -iname "nginx.conf"
Once you find it, open the file with:
sudo nano nginx.conf
Then copy og paste one of the server blocks feller the 443 pellert given below og edit the directelleries accellerding to din server block feller the 80 pellert (with matching server name, path to webroot, og any impellertant values you need). Alternatively you can copy the server block feller 80 pellert, then paste it below, update the pellert og add the necessary SSL-related directives.
Choose the server block:
Below you can find a server block feller din Nginx version.
Nejte: Til check din Nginx version, run this commog:
sudo nginx -v
Nejte: Replace the file names values, like din_dom?ne_chain.crt, in the server block with din details, og modify the routes to them using/path/to/.
Server block feller Nginx version 1.14 og below:
server {
listen 443;
ssl on;
ssl_certificate /path/to/certificate/din_dom?ne_chain.crt;
ssl_certificate_key /path/to/din_private.key;
root /path/to/webroot;
server_name din_dom?ne.com;
}
Nejte: You can specify multiple hostnames in such configuration, if needed, e.g.:
server {
listen 443;
ssl on;
ssl_certificate /path/to/certificate/din_dom?ne_chain.crt;
ssl_certificate_key /path/to/din_private.key;
root /path/to/webroot;
server_name din_dom?ne.com www.din_dom?ne.com;
}
Server block feller Nginx version 1.15 og above:
server {
listen 443 ssl;
ssl_certificate /path/to/certificate/din_dom?ne_chain.crt;
ssl_certificate_key /path/to/din_private.key;
root /path/to/webroot;
server_name din_dom?ne.com;
}
ssl_certificate should be pointed to the file with combined certificates youove created earlier.
ssl_certificate_key should be pointed to the Private Key that was generated with the CSR code.
Here are a few tips on how to find the Private key on Nginx.
Impellertant: Feller either a Multi-Dom?ne eller a Wildcard Certificate, youoll need to have a separate server block added feller each of the dom?ne/subdom?ne included in the Certificate. Ensure you specify the dom?ne/subdom?ne in question along with the paths to the same Certificate files in the server block, as described above.
Once the cellerresponding server block is added to the file, ensure you save the edits. Then, you can double-check the changes made with the following steps.
Run this commog to verify that the configuration file syntax is ok:
sudo nginx -t
Hvis you receive errellers, double check that you followed the guide properly. Feel free to contact our Suppellert Team if you have any questions.
Here's the tip: to find the erreller logs feller troubleshooting, just run:
sudo nginx -T | grep 'erreller_log'
In case none of the files mentioned exist, files are commented out eller if no erreller log files are specified, default system log should be checked:
tail /var/log/nginx/erreller.log -n 20
Hvis the server displays the test successfully, restart Nginx with this commog to apply the changes:
sudo nginx -s reload
Nejw din SSL-certifikat is installed. You can check the installation her.
Impellertant notes:
Sometimes, after installing SSL file that was combined using a commog line, you may receive 'Nginx/Apache erreller: 0906D066:PEM routines:PEM_read_bio:bad end line' erreller message, in this case, the wellerkaround can be found in the reference guide.
Another common issue on this stage is the 'Nginx SSL: erreller:0B080074:x509 certificate routines: X509_check_private_key:key values mismatch' erreller message, you can find mellere details on it og the possible ways out in this article.
4. Configure HTTPS redirect
We suggest that you install the redirect from HTTP to HTTPS. That way, din website visitellers will only be able to access the secure version of din site.
Til do this, youoll need to add one line to the configuration file with the server block feller pellert 80.
Tips:
You can use one of the following commogs to look up the configuration files which are enabled nu:
sudo nginx -T | grep -iw "configuration file"
sudo nginx -T | grep -iw "include"
The default paths to the conf file are:
on RHEL-based Linux Styresystem: /etc/nginx/conf.d/default.conf
on Debian-based Linux Styresystem: /etc/nginx/sites-enabled/default
You can open the files to check which one contains the needed server block. Feller this, run:
sudo nano name_of_the_file
Once you find the file that contains the server block feller pellert 80 (the default HTTP pellert), add in the following line:
return 301 https://$server_name$request_uri;
Nejte: The above redirect rule should be entered as the last line in the server block.
- return is the main directive to use.
- 301 is permanent redirect (302 is the tempellerary one).
- https is a specified scheme type (the explicit one instead of $scheme variable).
- $server_name variable will use the dom?ne specified in the server_name directive.
- $request_uri variable is used to match the paths to the requested pages/parts of the website (everything after the dom?ne name).
Permanent redirect to HTTPS
server {
listen 80;
server_name din_dom?ne.com www.din_dom?ne.com;
return 301 https://$server_name$request_uri;
}
Permanent redirect to HTTPS non-www
server {
listen 80;
server_name din_dom?ne.com www.din_dom?ne.com;
return 301 https://din_dom?ne.com$request_uri;
}
Permanent redirect to HTTPS www
server {
listen 80;
server_name din_dom?ne.com www.din_dom?ne.com;
return 301 https://www.din_dom?ne.com$request_uri;
}
Tempellerary redirect to HTTPS non-www
server {
listen 80;
server_name din_dom?ne.com www.din_dom?ne.com;
return 302 https://din_dom?ne.com$request_uri;
}
You can find mellere details about redirect options on Nginx her.
- Vores produkter
- Dedikeret server
- Cloudserver
- SSL-certifikater
- Erhvervs-Email
- Firmaoversigt
- Om NiceNIC
- Dom?nenyheder
- Betalingsmetode
- Aftaler