Nginx Proxy Forward and SSL Certificate Installation


You already have a website up and running, but you want to migrate your environment, local network has been set up, NetGateway (We will go over this shortly.) has been installed, and you have set up your virtual machines on your local network, finally you have configured your web server and brought your site online, but what is this? You are trying to reach your website but you are not successful. While thinking about why, the thought comes to your mind that your website is working on a local network . So how can we solve this problem? Yes, you are thinking correctly, the answer is definitely Nginx :)

What is NetGateway?

NetGateway is a service developed 100% by Plusclouds that can perform many functions such as Linux based Router and Load Balancer.


What is Nginx?

Nginx is a web server designed with a focus on high concurrency, high performance, and low memory usage. It can also be used as a reverse proxy , load balancer and HTTP cache .

In this article, we will use the Nginx service for proxy forwarding . This way, your website will be accessible not only from the local network but also from all public connections.

1. First, Log into Your NetGateway Virtual Machine Acting as a Router and Install Nginx

Nginx is available by default in apt repositories. Install nginx with the following command.

apt -y install nginx

2. Create a CSR File for SSL Certificate and Sign it on the Hosting Side

To create a CSR file with OpenSSL, run the following command in the terminal with the necessary permissions.

openssl req -new -newkey rsa:2048 -nodes -keyout example.com -out example.com.csr

example.com Remember to replace the domain names with your own domains!

After entering your company and domain information, you will see two files named example.com.csr and example.com.key created in the directory you are in.

3. Sign Your CSR File

Have the newly created CSR file signed on the hosting side, and then transfer the resulting .pem file to your NetGateway machine.

4. Edit Nginx Configuration

First, access the following directory

cd /etc/nginx

Then use the ls command to view subdirectories and files. You will see two directories named sites-available and sites-enabled . Since we are not hosting our website here, it will be sufficient to define our proxy and SSL configurations within sites-enabled . Enter the directory and create the configuration file with the following commands

cd sites-enablednano example.com.conf

After creating the configuration file, copy and paste the following content. Do not forget to replace the domain name and the web server IP address with your own information.

server {

listen 80;

server_name example.com;

return 301 https:// ​request_uri;

}

server {

listen 443;

server_name example.com;

ssl_certificate /root/ssl/example.com.pem;

ssl_certificate_key /root/ssl/example.com.key;

ssl on;

ssl_session_cache builtin:1000 shared:SSL:10m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;

ssl_prefer_server_ciphers on;

access_log /var/log/nginx/example.com.access.log;

location / {

proxy_set_header Host $host; 

 proxy_set_header X-Real-IP $remote_addr;

 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 

 proxy_set_header X-Forwarded-Proto $scheme;

proxy_pass http://10.0.10.27:80 ; proxy_read_timeout 90;

proxy_redirect http://10.0.10.27:80 https://example.com ;

}

}

In the section at the beginning of the configuration, we specify that Nginx should listen for requests coming to the domain example.com on port 80.

Then in the second section, we configure it to listen on 443, that is, HTTPS port.

At the bottom of the configuration, we specify the IP address of the server where our website is hosted local using proxy_pass .

With the proxy_redirect parameter, we redirect requests coming over port 80, that is, HTTP , to a more secure protocol, HTTPS , that operates with an SSL certificate.

4. Reload Nginx Service

If you did everything correctly, the only thing left is to restart your nginx service and enjoy accessing your website :)

You can check if there are any errors in your configurations with the following command.

nginx -t

Then with the next command, we reload the nginx service to activate our configuration changes.

/etc/init.d/nginx reload

If the Nginx service has been successfully reloaded, this means your website is now ready to be accessed with an SSL certificate.

Looking for authors and journalists!

Looking for authors and journalists!

If you are a journalist, who has desire to dig deep in topics related to businesses and sectors, we want to work with you!

Fatih Çevik

PlusClouds Enthusiast
Sales

Product information

#There is no text provided for translation. Please provide the text you would like to be translated into English.
Auto Quill
AutoQuill writes and posts affiliate marketing content for you.

Easiest Money You Will Ever Make

With the AutoQuill tool that PlusClouds has started to offer to its affiliate partners, content creators will be able to sell with a single click. Let us show you how you can get your share of this revolution.