Create a self-signed SSL certificate

  Last modified on Friday 19 May 2017

Secure web access to services hosted on a home server.

I am running Tiny Tiny RSS (ttrss) and Nginx on my server and want to divert HTTP traffic from port 80 to HTTPS login and access news feeds on port 443. Rather than obtain an SSL certificate from a certificate authority (CA) its a simple matter to create one for personal use.

Install openssl and generate a certificate for Nginx ...

# apt install openssl
# mkdir /etc/nginx/ssl
# openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/nginx/ssl/server.key -out /etc/nginx/ssl/server.crt

Create a new server block in /etc/nginx/sites-available ...

server {
    listen 80;
    listen [::]:80;
    server_name www.foo.ca;
    return 301 https://$host$request_uri;  ## redirect all non-https traffic to https
}

server {
    listen 443 ssl;
    root /var/www/foo;
    index index.html index.php;

    access_log /var/log/nginx/foo_access.log;
    error_log /var/log/nginx/foo_error.log info;

    server_name www.foo.ca;
    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;

    location / {
            index           index.php;
    }
}

Activate the block by creating a symlink in /etc/nginx/sites-enabled and restart nginx ...

# systemctl restart nginx

Configure port forwarding on the router and (optional) setup a subdomain with a hosting/domain provider.

Note the first time navigating to the new HTTPS address the web browser warns This Connection is Untrusted (which is to be expected since its a self-signed certificate vs CA verification).

Helpful! Create an SSL certificate on Nginx for Ubuntu; Rewrite HTTP requests to HTTPS; Nginx server_names

Happy hacking!

More • sslcryptonetworkdebianlinux