Enable HTTPS support with NGINX

Before running the commands shown on this page, you should load the Bitnami stack environment by executing the installdir/use_APPNAME script (Linux and MacOS) or by clicking the shortcut in the Start Menu under “Start -> Bitnami APPNAME Stack -> Application console” (Windows). On OS X VMs, the installation directory is /opt/bitnami and OS X VM users can click the “Open Terminal” button to run commands. Learn more about the Bitnami stack environment and about OS X VMs.

NOTE: The steps below assume that you are using a custom domain name and that you have already configured the custom domain name to point to your cloud server.

Bitnami images come with SSL support already pre-configured and with a dummy certificate in place. Although this dummy certificate is fine for testing and development purposes, you will usually want to use a valid SSL certificate for production use. You can either generate this on your own (explained here) or you can purchase one from a commercial certificate authority.

Once you obtain the certificate and certificate key files, you will need to update your server to use them. Follow these steps to activate SSL support:

  • Use the table below to identify the correct locations for your certificate and configuration files.

    Variable Value
    Current application URL https://[custom-domain]/
    Example: or
    NGINX configuration file installdir/nginx/conf/bitnami/bitnami.conf
    Certificate file installdir/nginx/conf/server.crt
    Certificate key file installdir/nginx/conf/server.key
  • Copy your SSL certificate and certificate key file to the specified locations.

  • Once you have copied all the server certificate files, you may make them readable by the root user only with the following commands:

    $ sudo chown root:root installdir/nginx/conf/server*
    $ sudo chmod 600 installdir/nginx/conf/server*
  • Open port 443 in the server firewall.

  • Restart the NGINX server.

    $ sudo installdir/ restart nginx

You should now be able to access your application using an HTTPS URL.

Last modification February 7, 2019