Category Archives: Nginx

Amazon Load Balancer setting SSL with Certificate Chain

First of all, let’s assume you have the following files with you:

  • yourdomain.key Your domain’s private Key
  • yourdomain.crt Your domain’s public Key
  • sf_bundle.crt The Certificate Chain

Step 1 – Preparing the files

Create a PEM-encoded version of your private key

1
openssl rsa -in yourdomain.key -outform PEM -out yourdomain.pem

Step 2 – Setting the certificate on Amazon

On your Amazon account go to Load Balancers > Your Load Balencer > Listeners

Load Balencer Protocol: HTTPS
Load Balencer Port: 443
Instance Protocol: HTTP
Instance Port: 80
Cipher: ELBSample-OpenSSLDefaultCipherPolicy
Certificate Name: Yourdomain.com
Private Key: <past yourdomain.pem file here>
Public Key Certificate: <past yourdomain.crt file here>
Certificate Chain: <past sf_bundle.crt file here>

Note: This means every request to the Load Balancer will be made on HTTPS. The traffic from the Load Balancer to the destiny instance will be regular HTTP. This way you don’t have to setup any certificate on your instance’s Apache/Nginx web server.

Step 3 – Test

If everything went as expected you should be able to open https://yourdomain.com.

Now, use a SSL check tool to see if everything is OK: http://www.sslshopper.com/ssl-checker.html#hostname=https://yourdomain.com

You should see something like this:

2833574

 

nginx serve subdirectory as domain root

Say you have the following file structure:

1
2
3
4
5
site.com/
  main_site/
  site_a/
  site_b/
  site_c/

If you want:

  • http://site.com to show /main_site/’s files
  • all remaining sites to be served as usual (example: http://site.com/site_b/)

All you have to do is to edit site.com.conf’s file as follows:

1
2
3
4
5
6
7
8
9
10
11
  location / {
    try_files $uri $uri/ @missing; # try to get site.com/requested_file, if does not exist jump to @missing
  }

  location /main_site {
    # do nothing
  }

  location @missing { # if file is not present on the root, serve the /main_site
    rewrite ^ /main_site$request_uri?;
  }

Source

Nginx SSL configuration for HTTPS and HTTP

The following config will make the domain available both on HTTP and HTTPS protocols:

1
2
3
4
5
6
7
8
9
10
11
12
13
server {
  listen 80;
  listen 443 default ssl;
  #ssl on;  ##### SEE: http://stackoverflow.com/a/8811733/269622
  ssl_certificate /var/www/domain.com/ssl/domain.com.crt;
  ssl_certificate_key /var/www/domain.com/ssl/domain.com.key;

  server_name domain.com;

  root /var/www/domain.com/httpdocs/;

  # ...
}