On Linux it couldn’t be easier, this works on Debian, Ubuntu, Raspbian and should work on any debian based system
sudo apt-get install openssl -yA quick explanation about the best encryption. Other guides use des which is outdated and slow (Source). AES encryption has won awards for its strength, your home router is capable of AES encryption. There is a quick overview of AES encryption types. We will be using RSA which is also a respectable encryption method.
Open a command prompt for Windows or terminal for Mac and Linux
On Linux create an SSL directory
sudo mkdir -p /etc/nginx/sslNow to create the actual SSL certificates, it will last 36500 days and have rsa 2048 bit encryption. The nodes switch means we don’t have to enter the server key’s password each time you connect to the nginx web server.
Create the certificate and key on Linux
sudo openssl req -x509 -nodes -days 36500 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crtOn all operating systems you will be prompted for some information, you can leave them all blank if you like
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: DK
State or Province Name (full name) [Some-State]: Utopia
Locality Name (eg, city) []: Gotham
Organization Name (eg, company) [Internet Widgits Pty Ltd]: HTPC Guides
Organizational Unit Name (eg, section) []: Admin
Common Name (e.g. server FQDN or YOUR name) []: HTPCGuides.com
Email Address []: [email protected]Now you can actually configure nginx to use the SSL certificates
Open the Linux nginx configuration file, adjust reverse if your file is different
sudo nano /etc/nginx/sites-available/reverseAdd the listen 443 ssl; and ssl_certificate lines, make sure your server_name is set
server {
listen 80;
server_name HTPCGuides.com 192.168.40.100 localhost;
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
root /usr/share/nginx/html;
index index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
}Hit Ctrl+X, Y and Enter to save the configuration and restart nginx in Linux
sudo service nginx restart