Apr 29, 2022
We'll create a self-signed SSL certificate on a Linux machine which we can use for local development with Nginx.
Note: This is only for local development. Do not use a self-signed SSL certificate on any publicly accessible website.
First, we'll create a new directory where all the required files for this certificate will be stored.
sudo mkdir /etc/ssl/self-signed-cert
We'll create a 2048-bit RSA private key.
sudo openssl genrsa -out "/etc/ssl/self-signed-cert/self-signed-cert.key" 2048
Next, create a certificate signing request (CSR) with the key we just created.
sudo openssl req -new -key "/etc/ssl/self-signed-cert/self-signed-cert.key" -out "/etc/ssl/self-signed-cert/self-signed-cert.csr"
After this, you will be prompted to enter some information like country name, state or province name, locality name, etc.
You can enter your information here, for example:
Country Name: SR
State or Province name: Serbia
Locality Name: Belgrade
Organization Name: Self Signed SSL Certificate
Organizational Unit Name:
Common Name:
Email Address:
A challenge password:
An optional company name:
The last step is to create the certificate itself from the request and key we just created.
sudo openssl x509 -req -days 365 -in "/etc/ssl/self-signed-cert/self-signed-cert.csr" -signkey "/etc/ssl/self-signed-cert/self-signed-cert.key" -out "/etc/ssl/self-signed-cert/self-signed-cert.crt"
In this example, the certificate we created will be valid for 1 year (365 days). You can change this to suit your needs.
That's it. Our self-signed SSL certificate is created.
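The same key, CSR and certificate steps can be run without prompts. The script below is an added example, not part of the original post; it goes one step further by adding a subjectAltName extension (browsers match host names against it rather than the Common Name) and by checking the result. The function names, the `dev.*` file names and the temporary output directory are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, the dev.* file
# names and the temporary directory are assumptions for illustration.

# make_dev_cert DIR HOST [ALT_HOST...]: key -> CSR -> self-signed cert, no prompts.
make_dev_cert() (
    dir=$1; shift
    san=""
    for name in "$@"; do san="${san:+$san,}DNS:$name"; done
    umask 077   # subshell-local: files below are readable by the owner only
    openssl genrsa -out "$dir/dev.key" 2048 || exit 1
    # -subj replaces the interactive prompts; CN is the first host name.
    openssl req -new -key "$dir/dev.key" -out "$dir/dev.csr" \
        -subj "/O=Self Signed SSL Certificate/CN=$1" || exit 1
    # Browsers match the host name against the SAN list, not the CN.
    printf 'subjectAltName=%s\n' "$san" > "$dir/san.ext"
    openssl x509 -req -days 365 -in "$dir/dev.csr" -signkey "$dir/dev.key" \
        -extfile "$dir/san.ext" -out "$dir/dev.crt" || exit 1
)

# cert_matches_key CRT KEY: succeeds only if CRT carries KEY's public half.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$crt_pub" = "$key_pub" ]
}

# cert_san CRT: prints the SAN entries, e.g. DNS:a.test,DNS:b.test
cert_san() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' '
}

# cert_valid_for_days CRT DAYS: succeeds if CRT does not expire within DAYS.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Demo in a throwaway directory (no sudo needed), using the post's host names.
demo=$(mktemp -d)
if make_dev_cert "$demo" my-app.test www.my-app.test 2>/dev/null &&
   cert_matches_key "$demo/dev.crt" "$demo/dev.key"; then
    echo "SAN: $(cert_san "$demo/dev.crt")"
    cert_valid_for_days "$demo/dev.crt" 30 && echo "valid for at least 30 more days"
fi
rm -rf "$demo"
```

Running `cert_matches_key` against the files named in `ssl_certificate` and `ssl_certificate_key` before reloading Nginx catches a mismatched pair early.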
To configure an HTTPS server, the SSL parameter must be enabled on listening sockets in the server block, and the locations of the server certificate and private key files should be specified.
Open the Nginx configuration file for a project where you want to use this certificate.
sudo vim /etc/nginx/sites-available/my-app.test
Enable SSL on the listening socket and specify the location of the certificate and private key files.
server {
    listen 443 ssl;
    ssl_certificate /etc/ssl/self-signed-cert/self-signed-cert.crt;
    ssl_certificate_key /etc/ssl/self-signed-cert/self-signed-cert.key;
}
For example, the Nginx config file will look like this after you add those lines:
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl; # new line
    server_name my-app.test www.my-app.test;
    root /home/vojislav/code/my-app.test/public;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-Content-Type-Options "nosniff";
    ssl_certificate /etc/ssl/self-signed-cert/self-signed-cert.crt; # new line
    ssl_certificate_key /etc/ssl/self-signed-cert/self-signed-cert.key; # new line
    index index.php;
    charset utf-8;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }
    error_page 404 /index.php;
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }
    location ~ /\.(?!well-known).* {
        deny all;
    }
}
Next, check if the Nginx configuration is correct.
sudo nginx -t
Output:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
If everything is ok, restart the Nginx service.
sudo systemctl restart nginx
Now, if you visit your project address, it should work with a secure transfer protocol (HTTPS).
That's it, now you can work on your project locally with the HTTPS protocol.