Create a self-signed SSL certificate

  Last modified on Sunday 21 August 2016

Secure web access to services hosted on a home server.

I am running Tiny Tiny RSS (ttrss) and Nginx on my server and want to divert HTTP traffic from port 80 to HTTPS login and access news feeds on port 443. Rather than obtain an SSL certificate from a certificate authority (CA) its a simple matter to create one for personal use.

Install openssl and generate a certificate for Nginx ...

$ sudo apt install openssl
$ sudo mkdir /etc/nginx/ssl
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/server.key -out /etc/nginx/ssl/server.crt

Create a new server block in /etc/nginx/sites-available ...

server {
    listen 80;
    listen [::]:80;
    return 301 https://$host$request_uri;  ## redirect all non-https traffic to https

server {
    listen 443 ssl;
    root /var/www/foo;
    index index.html index.php;

    access_log /var/log/nginx/foo_access.log;
    error_log /var/log/nginx/foo_error.log info;

    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;

    location / {
            index           index.php;

Activate the block by creating a symlink in /etc/nginx/sites-enabled and restart nginx ...

$ sudo systemctl restart nginx

Configure port forwarding on the router and (optional) setup a subdomain with a hosting/domain provider.

Note the first time navigating to the new HTTPS address the web browser warns This Connection is Untrusted (which is to be expected since its a self-signed certificate vs CA verification).

Happy hacking!

Sources: Create an SSL certificate on Nginx for Ubuntu; Rewrite HTTP requests to HTTPS; Nginx server_names

More • servernetworklinux