Nginx (OpenResty) and SSL

Using Nginx from OpenResty and Setting up SSL for a domain.


Here are some articles and blogs and links that will help you to learn and know more about these.

https://openresty.org/download/agentzh-nginx-tutorials-en.html

https://openresty.org/en/

https://www.digitalocean.com/community/tutorials/how-to-use-certbot-standalone-mode-to-retrieve-let-s-encrypt-ssl-certificates-on-ubuntu-16-04

https://certbot.eff.org/


Pre-Requisites:

Linux (Ubuntu) Server.

Considering that the linux server is already setup and running with ubuntu, lets get started with the openresty and ssl setup.


Installing the necessary softwares.

You can follow THIS link and install OpenResty.

To install cerbot :

sudo apt-get install certbot # Ubuntu 20 and above


Getting SSL Certificate for domain with certbot.

sudo certbot certonly --standalone --preferred-challenges http -d example.com

Sample Nginx (OpenResty) config for SSL.

...
http {
    ...
server {
        ...
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
        ...
}
}

Restart and it should work fine.

OpenResty may need a service file setup for it to autorestart when the system is restarted but in most cases it is not needed and can be ignored

Comments

Leave a Reply