Nginx HTTPS setup with a self-signed SSL certificate.
It’s not recommended to use HTTPS without a valid SSL/TLS certificate. The certificate is used to encrypt communication between the server and client, and without a valid certificate, the connection will not be encrypted and will be vulnerable to attacks.
However, if you still want to use HTTPS without a valid SSL/TLS certificate, you can do so by using a self-signed certificate or a certificate issued by a private Certificate Authority (CA). Here’s how to do it using nginx:
- Generate a self-signed certificate:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx-selfsigned.key -out /etc/nginx/ssl/nginx-selfsigned.crt
This command generates a self-signed certificate and key with a validity of 365 days and saves them to /etc/nginx/ssl/nginx-selfsigned.key
and /etc/nginx/ssl/nginx-selfsigned.crt
respectively.
- Configure nginx to use the self-signed certificate:
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/nginx/ssl/nginx-selfsigned.crt;
ssl_certificate_key /etc/nginx/ssl/nginx-selfsigned.key;
# other server configurations
}
This configuration tells nginx to listen on port 443 (HTTPS) and use the self-signed certificate and key for SSL/TLS encryption.
Note that self-signed certificates are not trusted by default by web browsers and will result in a warning message when a user tries to access the website. To avoid this, you can install the self-signed certificate on the client devices or use a valid SSL/TLS certificate issued by a trusted CA.