Skip to main content
Hashnode100 Days of DevOps

Command Palette

Search for a command to run...

Day 15/100 of DevOps

Day 15: Setup SSL for Nginx

Published
3 min read
S
Sidhartha Roul

Task:

1. Install and configure nginx on App Server 1.

2. On App Server 1 there is a self signed SSL certificate and key present at location /tmp/nautilus.crt and /tmp/nautilus.key. Move them to some appropriate location and deploy the same in Nginx.

3. Create an index.html file with content Welcome! under Nginx document root.

What is NGINX

NGINX (pronounced "engine-x") is open-source software that performs several key functions in modern web infrastructure. It is primarily known as a high-performance web server, but it also excels as a reverse proxy, load balancer, HTTP cache, and mail proxy (for IMAP, POP3, and SMTP). NGINX was designed for maximum performance and stability, particularly when handling a large number of concurrent connections with minimal resource consumption, due to its event-driven, asynchronous architecture.

What NGINX Does:

  • Web Server:

    Serves static content like HTML files, images, and CSS directly to clients.

  • Reverse Proxy:

    Acts as an intermediary between clients and backend servers. It accepts client requests, forwards them to the appropriate backend server, and returns the server's response to the client. This can enhance security and simplify server management.

  • Load Balancer:

    Distributes incoming client requests across multiple backend servers to ensure no single server becomes overloaded, improving overall performance and availability.

  • HTTP Cache:

    Stores copies of frequently requested resources to serve them faster to subsequent requests, reducing the load on backend servers and improving response times.

  • Mail Proxy:

    Can act as a proxy for email protocols like IMAP, POP3, and SMTP.

NGINX Configuration File (nginx.conf):

The core settings and behavior of NGINX are defined in its configuration file, typically named nginx.conf, and often located in /etc/nginx/ or /usr/local/nginx/conf/. This file uses a specific syntax with directives and blocks to control NGINX's operation.

Step by Step Process:

  1. SSH to the App Server 01

    ssh tony@172.16.238.10

  2. Check and install nginx in the server

    sudo systemctl status nignx

    sudo yum install nginx -y

  3. Start the service and check the status

    sudo systemctl start nginx

    sudo systemctl enable nginx

    sudo systemctl status nginx

  4. Move SSL Certificate and Key

    Moves the self-signed SSL certificate and key to standard locations used by Nginx for TLS.

    sudo mv /tmp/nautilus.crt /etc/pki/tls/certs

    sudo mv /tmp/nautilus.key /etc/pki/tls/private/

  5. Configure Nginx for SSL

    sudo vi /etc/nginx/nginx.conf

    Edit the Nginx configuration file to enable SSL. Key changes:

    • Set server_name to server IP(172.16.238.12)

    • Point to the certificate and key files

    • Uncommenting TLS block

  1. Restart and check the status of nginx service

    sudo systemctl restart nginx

    sudo systemctl status nginx

  2. Create a Welcome Page

    sudo vi /usr/share/nginx/html/index.html

    Add the content:

     Welcome!

    This is the default page served by Nginx.

  3. Test Nginx Configuration

    sudo nginx -t

  4. Verify from Jump Host

    curl -Ik https://172.16.238.10/

    This sends a HEAD request to the server over HTTPS to verify SSL and response headers.

#devops#kodekloud#nginx#web-servers#ssl#100daysofdevops#ssl-certificate

Comments

Join the discussion

No comments yet. Be the first to comment.

More from this blog

100 Days of DevOps

19 posts