So you have a program on your computer that's running a HTTP server, but you want to add HTTPS support to it to prevent people from snooping on your activity.
Fortunately, that's pretty easy to do.
Downloads
- nginx
- openssl (for Windows, mine came with cmder)
Installing nginx
Pretty straight forward.
Windows: Download, extract and open command prompt there
Linux: Add repo, update and apt-get to install
Testing default setup
- Windows: type "start nginx"
- Linux: Should already be started after installation. If not, try /etc/init.d/nginx start
Open up a browser to http://localhost/ and you should see an nginx page.
Generating Encryption Certificate
For this process I'm just going to self-sign a certificate to get your server up and running. The browser will complain about it for the first time, but after you add the exception and test that it's all working you can get it signed properly elsewhere.
- Open up a terminal and "cd" to nginx conf folder
-
- Linux: cd /etc/nginx/
- Windows: cd /D X:\Wherever\You\Extracted\nginx\conf\
- Type in
openssl req -x509 -sha256 -newkey rsa:2048 -keyout yourdomain.com.key -out yourdomain.com.pem -days 1825 -subj '/CN=yourdomain.com' -nodes
- This will generate your private key file and your certificate. Keep your key safe!
Configuring SSL on nginx
- Open up nginx.conf
- Under the "http" entry
- Add in this snippet and modify to suit your domain/port numbers
# SSL reverse proxy server
server {
listen 443 ssl;
server_name localhost;ssl_certificate yourdomain.com.pem;
ssl_certificate_key yourdomain.com.key;#ssl_session_cache shared:SSL:1m;
#ssl_session_timeout 5m;#ssl_ciphers HIGH:!aNULL:!MD5;
#ssl_prefer_server_ciphers on;location / {
proxy_pass http://localhost:1234/;
}
}
In this example I'm proxying the HTTPS request to https://yourdomain.com:443 (default HTTPS port being 443) to a service running at http://localhost:1234 on the same computer.
Reload nginx and you see if it works on the browser.
- Linux: /etc/init.d/nginx reload
- Windows: nginx -s reload
Now you should be able to access your HTTP service via a secure HTTPS proxy.
See? Wasn't that hard after all!
Additional redirects
You might want to add a regular HTTP server which redirects to the new HTTP server. Simply add this to the conf script above or below the details for the HTTPS "server {}".
server {
listen 80;
server_name yourdomain.com;location / {
return 301 https://$host/;
}
}
Sources
- nginx for Windows
- NGINX SSL Termination | NGINX
- HTTPS with Nginx: setting up an SSL certificate in 3 simple steps | Clement Nedelcu
- ssl - How to create a self-signed certificate with openssl? - Stack Overflow
- certificate - What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?
- How To Configure Nginx with SSL as a Reverse Proxy for Jenkins | DigitalOcean
- Web Rules & Rewrites: Nginx Rewrites, Redirects and other Cloud Configs | MODX Cloud
- Nginx Redirect
- Rewrite root address to a subdirectory in nginx - Stack Overflow
