Steps to configure HTTPS:
1. Obtain the SSL/TLS certificate
You can obtain an SSL/TLS certificate in the following ways:
Use a self-signed certificate (applicable to development or internal testing environments)
Obtain certificates from a trusted certificate authority (CA) (applicable to production environments)
Get your certificate for free with Let’s Encrypt
1.1 Generate a self-signed certificate (suitable for testing environments)
On Linux systems, you can use openssl to generate a self-signed certificate.
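# Create a private key and certificate signing request (CSR)
openssl req -new -newkey rsa:2048 -nodes -keyout <private-key-file> -out <csr-file>
# Sign the CSR with the private key to produce a self-signed certificate
openssl x509 -req -days 365 -in <csr-file> -signkey <private-key-file> -out <certificate-file>
These commands generate the private key and the self-signed certificate; the names in angle brackets are placeholders for your own file names. When actually configuring the server, you need to provide the paths to the certificate and private key.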
1.2 Get a free certificate from Let's Encrypt (recommended for production)
Let’s Encrypt offers free SSL certificates that can be obtained and automatically configured through the tool Certbot.
Install Certbot
# Ubuntu / Debian systems
sudo apt-get update
sudo apt-get install certbot python3-certbot-nginx
Obtain a certificate
# Use Certbot to get certificates for your domain names and automatically configure Nginx
sudo certbot --nginx -d <your-domain> -d <additional-domain>
Certbot will automatically generate a certificate for you and modify the Nginx configuration file to enable HTTPS.
2. Configure Nginx
2.1 Configuring HTTPS virtual host
Edit the Nginx configuration file (usually located in /etc/nginx/sites-available/default or /etc/nginx/) and add the following configuration:
server {
    listen 443 ssl;
    server_name <your-domain>;

    ssl_certificate /etc/ssl/certs/<certificate-file>;
    ssl_certificate_key /etc/ssl/private/<private-key-file>;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        root /var/www/html;
        index <index-file>;
    }
}

# Force HTTP redirect to HTTPS
server {
    listen 80;
    server_name <your-domain>;
    return 301 https://$host$request_uri;
}
ssl_certificate and ssl_certificate_key specify the paths to the SSL certificate and private key.
ssl_protocols and ssl_ciphers restrict connections to secure protocol versions and cipher suites.
The second server block is used to redirect HTTP requests to HTTPS.
2.2 Verify Nginx configuration
After editing is complete, verify that the Nginx configuration is correct:
sudo nginx -t
If the configuration is correct, restart the Nginx service:
sudo systemctl restart nginx
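nginx -t only validates syntax; it does not tell you whether the TLS settings match what section 2.1 describes. The Python script below is an added example, not part of the original article: it checks configuration text for the certificate directives, legacy entries in ssl_protocols, and a port-80 block that does not redirect to HTTPS. It assumes the directives sit inside the server block as shown above; the sample configs, example.test and the file paths are constructed placeholders.

```python
import re
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # protocols the page's config leaves out

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, matching nested braces."""
    conf = re.sub(r"#[^\n]*", "", conf)  # strip comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directives(body, name):
    """Argument lists of each `name ...;` directive found in a block body."""
    pattern = rf"(?<![\w-]){name}\s+([^;{{}}]*);"
    return [m.group(1).split() for m in re.finditer(pattern, body)]

def audit(conf):
    """Return findings; an empty list means every check passed."""
    findings, saw_tls = [], False
    for body in server_blocks(conf):
        listens = directives(body, "listen")
        if any("ssl" in args for args in listens):
            saw_tls = True
            findings += [f"TLS block lacks {n}" for n in ("ssl_certificate", "ssl_certificate_key")
                         if not directives(body, n)]
            protos = {p for args in directives(body, "ssl_protocols") for p in args}
            if not protos:  # assumption: set per server block, as on this page
                findings.append("ssl_protocols not set in TLS block")
            findings += [f"legacy protocol enabled: {p}" for p in sorted(protos & LEGACY)]
        elif any(a.split(":")[-1] == "80" for args in listens for a in args):
            redirects = [r for r in directives(body, "return")
                         if len(r) == 2 and r[0] in ("301", "308") and r[1].startswith("https://")]
            if not redirects:
                findings.append("port 80 block does not redirect to HTTPS")
    return findings if saw_tls else findings + ["no server block listens with ssl"]

# Constructed sample configs (example.test and the file paths are placeholders).
GOOD = """
server { listen 443 ssl; server_name example.test;
  ssl_certificate /etc/ssl/certs/example.crt; ssl_certificate_key /etc/ssl/private/example.key;
  ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5;
  location / { root /var/www/html; } }
server { listen 80; server_name example.test; return 301 https://$host$request_uri; }  # redirect
"""
WEAK = (GOOD.replace("TLSv1.2 TLSv1.3", "TLSv1 TLSv1.2")
            .replace("return 301 https://$host$request_uri", "root /var/www/html"))
if __name__ == "__main__":
    print(audit(GOOD), audit(WEAK), sep="\n")
```

To check a real file, pass its contents to audit(); directives inherited from the http level are not seen by this sketch.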
3. Test HTTPS configuration
Access the site over HTTPS in a browser to confirm that the HTTPS configuration works. If you use a self-signed certificate, the browser may warn that the certificate is not trusted.
4. Automatic renewal (Let’s Encrypt certificate)
Let’s Encrypt certificates are valid for 90 days. You can renew them manually by running:
sudo certbot renew
Typically, Certbot sets up a cron job or a systemd timer so that certificates are renewed automatically.
Summary
Configuring HTTPS involves obtaining an SSL/TLS certificate and modifying the web server configuration file to ensure that the server communicates using the encrypted HTTPS protocol. Using Let’s Encrypt is a simple and free solution for configuring HTTPS in production environments, while self-signed certificates are suitable for development or testing environments.