Enable HTTPS support with NGINX
TIP: To quickly get started with HTTPS and SSL using a Linux native installer, follow these instructions to auto-configure a Let’s Encrypt SSL certificate.
NOTE: We are in the process of modifying the file structure and configuration for many Bitnami stacks. On account of these changes, the file paths stated in this guide may change depending on whether your Bitnami stack uses native Linux system packages (Approach A), or if it is a self-contained installation (Approach B). To identify your Bitnami installation type and what approach to follow, run the command below:
$ test ! -f "installdir/common/bin/openssl" && echo "Approach A: Using system packages." || echo "Approach B: Self-contained installation."The output of the command indicates which approach (A or B) is used by the installation, and will allow you to identify the paths, configuration and commands to use in this guide. Refer to the FAQ for more information on these changes.
NOTE: The steps below assume that you are using a custom domain name and that you have already configured the custom domain name to point to your cloud server.
Bitnami images come with SSL support already pre-configured and with a dummy certificate in place. Although this dummy certificate is fine for testing and development purposes, you will usually want to use a valid SSL certificate for production use. You can either generate this on your own (explained here) or you can purchase one from a commercial certificate authority.
IMPORTANT: For security reasons, never post or disclose your server’s SSL private key in a public forum.
Once you obtain the certificate and certificate key files, you will need to update your server to use them.
Approach A: Bitnami installations using system packages
Follow the steps below to activate SSL support:
-
Use the table below to identify the correct locations for your certificate and configuration files.
Variable Value Current application URL https://[custom-domain]/ Example: https://my-domain.com/ or https://my-domain.com/appname NGINX configuration file installdir/nginx/conf/nginx.conf Certificate file installdir/nginx/conf/bitnami/certs/server.crt Certificate key file installdir/nginx/conf/bitnami/certs/server.key -
Copy your SSL certificate and certificate key file to the specified locations.
-
Once you have copied all the server certificate files, you may make them readable by the root user only with the following commands:
$ sudo chown root:root installdir/nginx/conf/bitnami/certs/server* $ sudo chmod 600 installdir/nginx/conf/bitnami/certs/server* -
Open port 443 in the server firewall. Refer to the FAQ for Windows, Linux and macOS for more information.
-
Restart the NGINX server.
$ sudo installdir/ctlscript.sh restart nginx
You should now be able to access your application using an HTTPS URL. In case of server startup errors, check the SSL certificate and key.
Approach B: Self-contained Bitnami installations
Follow the steps below to activate SSL support:
-
Use the table below to identify the correct locations for your certificate and configuration files.
Variable Value Current application URL https://[custom-domain]/ Example: https://my-domain.com/ or https://my-domain.com/appname NGINX configuration file installdir/nginx/conf/nginx.conf Certificate file installdir/nginx/conf/server.crt Certificate key file installdir/nginx/conf/server.key -
Copy your SSL certificate and certificate key file to the specified locations.
-
Once you have copied all the server certificate files, you may make them readable by the root user only with the following commands:
$ sudo chown root:root installdir/nginx/conf/server* $ sudo chmod 600 installdir/nginx/conf/server* -
Open port 443 in the server firewall.
-
Restart the NGINX server.
$ sudo installdir/ctlscript.sh restart nginx
You should now be able to access your application using an HTTPS URL. In case of server startup errors, check the SSL certificate and key.