Enable HTTPS support with NGINX
TIP: To quickly get started with HTTPS and SSL using a Linux native installer, follow these instructions to auto-configure a Let’s Encrypt SSL certificate.
NOTE: The Approach A sections referred to below do not apply to Bitnami native installers. Users of Bitnami native installers should refer only to the Approach B sections.
NOTE: The steps below assume that you are using a custom domain name and that you have already configured the custom domain name to point to your cloud server.
Bitnami images come with SSL support already pre-configured and with a dummy certificate in place. Although this dummy certificate is fine for testing and development purposes, you will usually want to use a valid SSL certificate for production use. You can either generate this on your own (explained here) or you can purchase one from a commercial certificate authority.
IMPORTANT: For security reasons, never post or disclose your server’s SSL private key in a public forum.
Once you obtain the certificate and certificate key files, you will need to update your server to use them.
Approach A: Bitnami installations using system packages
Follow the steps below to activate SSL support:
-
Use the table below to identify the correct locations for your certificate and configuration files.
Variable Value Current application URL https://[custom-domain]/ Example: https://my-domain.com/ or https://my-domain.com/appname NGINX configuration file installdir/nginx/conf/nginx.conf Certificate file installdir/nginx/conf/bitnami/certs/server.crt Certificate key file installdir/nginx/conf/bitnami/certs/server.key -
Copy your SSL certificate and certificate key file to the specified locations.
-
Once you have copied all the server certificate files, you may make them readable by the root user only with the following commands:
$ sudo chown root:root installdir/nginx/conf/bitnami/certs/server* $ sudo chmod 600 installdir/nginx/conf/bitnami/certs/server*
-
Open port 443 in the server firewall. Refer to the FAQ for Windows, Linux and macOS for more information.
-
Restart the NGINX server.
$ sudo installdir/ctlscript.sh restart nginx
You should now be able to access your application using an HTTPS URL. In case of server startup errors, check the SSL certificate and key.
Approach B: Self-contained Bitnami installations
Follow the steps below to activate SSL support:
-
Use the table below to identify the correct locations for your certificate and configuration files.
Variable Value Current application URL https://[custom-domain]/ Example: https://my-domain.com/ or https://my-domain.com/appname NGINX configuration file installdir/nginx/conf/nginx.conf Certificate file installdir/nginx/conf/server.crt Certificate key file installdir/nginx/conf/server.key -
Copy your SSL certificate and certificate key file to the specified locations.
-
Once you have copied all the server certificate files, you may make them readable by the root user only with the following commands:
$ sudo chown root:root installdir/nginx/conf/server* $ sudo chmod 600 installdir/nginx/conf/server*
-
Open port 443 in the server firewall.
-
Restart the NGINX server.
$ sudo installdir/ctlscript.sh restart nginx
You should now be able to access your application using an HTTPS URL. In case of server startup errors, check the SSL certificate and key.