how-to-configure-ssl-certificate-in-nginx.png
Blogger_636894212542259474.png
By: Nimisha Muralidhar

How to Configure SSL Certificate in NGINX

Technical

The secure socket layer(SSL) is a networking protocol, which secures the connections between web clients and web servers over an insecure network such as the internet.

Advantages:
- SSL protects data.
- It ensures identity
- Better search engine ranking
- SSL improves customer trust.

Let’s start with installing odoo,

To install Odoo13, refer the blog:  

Odoo works in a built-in web server. In most of the cases, it is better to have a reverse proxy. Odoo runs in HTTP mode which is not sure. To run odoo with NGINX and secure HTTPS, We have to install NGINX and configure it with an SSL certificate.

Nginx is a web server designed for maximum stability and performance. It can be used for reverse proxying, load balancing, etc

To configure odoo with NGINX as a reverse proxy, refer the blog:

Once done with NGINX, we need to configure SSL into the NGINX configuration.

- Edit the current nginx server block Or create a new server block if it is not created yet.

- Add the following lines:

Cd /etc/nginx/sites-enabled
server {
listen 80 default_server;
listen [::]:80 ipv6only=on default_server;
server_name testing.com www.testing.com ;
return 301 https://$server_name$request_uri;
}
server {
        listen 80;
        server_name sub_domain.testing.com www.sub_domain.testing.com;
        return 301 https://$server_name$request_uri;
}//for subdomain
server {
    server_name testing.com 111.111.111.111; 
    listen 443 ssl;
    access_log /var/log/nginx/testing-access.log;
    error_log /var/log/nginx/testing-error.log;
    location /longpolling {
        proxy_connect_timeout   3600;
        proxy_read_timeout      3600;
        proxy_send_timeout      3600;
        send_timeout            3600;
        proxy_pass http://127.0.0.1:8072;
    }
    location / {        
proxy_connect_timeout   3600;
        proxy_read_timeout      3600;
        proxy_send_timeout      3600;
        send_timeout            3600;
proxy_redirect     off;
        proxy_pass http://127.0.0.1:8069/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    ssl on;
    ssl_certificate /etc/ssl/nginx/bundle.crt;
    ssl_certificate_key /etc/ssl/nginx/_.testing.com_private_key.key;
    ssl_session_timeout 30m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RS$';
    ssl_prefer_server_ciphers on;
    gzip on;
    gzip_min_length 1000;
}
upstream odoo {
server 127.0.0.1:8069 weight=1 fail_timeout=0;
}
upstream odoo-im {
server 127.0.0.1:8072 weight=1 fail_timeout=0;
}
    
 NOTE:

Replace testing.com with your domain, sub_domain.testing.com with your subdomain and IP(111.111.111.111) with your IP.

In the above lines, Let's discuss SSL on:

ssl on;
    ssl_certificate /etc/ssl/nginx/bundle.crt;
    ssl_certificate_key /etc/ssl/nginx/_.testing.com_private_key.key;
    ssl_session_timeout 30m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

The main part of ssl configuration is to generate an SSL certificate from a certificate provider. You will get a generated certificate in a .pem file with a key or which consists of a ssl_certificate.crt IntermediateCA.crt file with the key. If you get .pem file, we can directly add the path of the file to the NGINX configuration as follows:

ssl_certificate /etc/ssl/nginx/cert_bundle.pem;

cert_bundle.pemis the concatenated file of .crt files. If .pem file is not provided then we need to concatenate those files and add it to the path.

To concatenate the files,use the following code:  

cat ssl_certificate.crt IntermediateCA.crt >>  bundle.crt

Here, I used a concatenated file bundle.crt. Next is to add the path of the key.
ssl_certificate_key /etc/ssl/nginx/_.testing.com_private_key.key;
After making necessary changes in the NGINX configuration, Don’t forget to restart NGINX 

service nginx restart.



cybrosys youtube

Comments

0


Leave a comment

 
Calicut

Cybrosys Technologies Pvt. Ltd.
Neospace, Kinfra Techno Park
Kakkancherry, Calicut
Kerala, India - 673635

London

Cybrosys Limited
Alpha House,
100 Borough High Street, London,
SE1 1LB, United Kingdom

Kochi

Cybrosys Technologies Pvt. Ltd.
1st Floor, Thapasya Building,
Infopark, Kakkanad,
Kochi, India - 682030.

Bangalore

Cybrosys Techno Solutions
The Estate, 8th Floor,
Dickenson Road,
Bangalore, India - 560042

Send Us A Message
 
 
 
 
Close
cybrosys