Task: Setup SSL for Nginx

Dear friends
@player001
@andrzej
@andybubune
@Lalit
@Inderpreet
@vijin.palazhi
@kodekloud-support3
I am stuck with this task, need your help or suggestions completing the task.
task

  1. Install and configure nginx on App Server 2.
    followed the steps from this article
    https://www.tecmint.com/install-nginx-on-centos-7/
    for configure nginx:
    https://www.server-world.info/en/note?os=CentOS_7&p=nginx&f=4

  2. On App Server 2 there is a self signed SSL certificate and key present at location /tmp/nautilus.crt and /tmp/nautilus.key . Move them to some appropriate location and deploy the same in Nginx.

  3. Create an index.html file with content Welcome! under Nginx document root.

followed the steps from this article


unable to verify or validate the correctness of this task

Please check and advise. thank you
Swaroop

where we have to check?


in this thread I posted my steps
@player001
Please check and advise

@swaroopcs88 the server_name should not include the http etc. It should be just hostname or IP. Further make sure the certificate path you mention in the conf is correct.

Hello all friends,
I have a problem in ssh for nginx. I have to perform some actions, which I have performed well, but I am stuck on an action in which I have to create an index.html file in the document root of nginx. There is already an index.html file in that folder, which was usr/share/nginx/html, but I couldn't open that file. It is written in red color; it's a symbolic file, I think. So what should I do now: remove it, or create my index.html file, or do I have to do some other thing? Kindly advise. A snap of this is attached.
thanks
tariq

I copied SSL certificate and key to steve/cert folder.
will this work?




Just updating above settings will it deploy on nginx?
3. Create an index.html file with content Welcome! under Nginx document root.
Not getting an idea to perform this task. any suggestions or link that can help me?
Thanks
Swaroop

Hi Tej, @player001
Please check and advise.

You have to create an index.html file in the nginx document root path --> /usr/share/nginx/html .
Move this cert and key to an appropriate location; sometimes permission issues may occur.
This link will help you to understand more.
https://serverfault.com/questions/259302/best-location-for-ssl-certificate-and-private-keys-on-ubuntu

thanks,

Make sure to write the correct content in index.html --> Welcome!

Hi Tej,

task 2:
On App Server 1 there is a self signed SSL certificate and key present at location /tmp/nautilus.crt and /tmp/nautilus.key . Move them to some appropriate location and deploy the same in Nginx.



task 3:
Create an index.html file with content Welcome! under Nginx document root.


should i make changes here?

1 Like

Yeah, change the content of index.html and put the SSL cert & key in /etc/ssl/ .

Create the directory and file on the linked location instead:
mkdir /usr/share/doc/HTML
vi /usr/share/doc/HTML/index.html

Below Steps worked

  1. install nginx
  2. create home/banner/data/index.html [light text welcome!]
  3. set permissions for banner at home level and modify ownership
  4. move certificate and key to /etc/nginx/ssl
  5. install firewalld. Open ports 80 and 443. Enable https service. Restart firewalld.
  6. Edit server section of nginx.conf: server - put IP, add line listen 443 ssl … comment out the line root. Under location add line -> root /home/banner/data;
  7. restart nginx
  8. Everything should be ok. Else, based on response from curl -Ik https://IP … check and fix for relevant messages on /var/log/nginx/error.log

Solution for beginners: Setup SSL for Nginx Kodekloud

Folks for [Setup SSL for Nginx]

follow below steps:

  1. sudo yum install epel-release
  2. sudo yum install nginx
  3. sudo systemctl start nginx
  4. systemctl status nginx

    If you have a firewall running, follow this; if not, skip.
    • sudo firewall-cmd --add-service=http
    • sudo firewall-cmd --add-service=https
    • sudo firewall-cmd --runtime-to-permanent
    • sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    • sudo iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT

    • sudo mkdir /etc/ssl/certs and sudo mkdir /etc/ssl/private
    • sudo chmod 700 /etc/ssl/certs
    • sudo chmod 700 /etc/ssl/private

  5. Edit the /etc/nginx/nginx.conf file, replace above directory in ssl_certificates and copy the file that is given to you in the task question
    cp /tmp/nautilus.crt /etc/ssl/certs
    cp /tmp/nautilus.key /etc/ssl/private
    and edit the nginx.conf file by replacing the default directories there with your above created directories

/etc/ssl/certs/nautilus.crt
/etc/ssl/private/nautilus.key

  6. Create an index.html file in /usr/share/nginx/html
    If you see index.html already present in html, delete that index.html, as you may not be able to edit that file.

rm index.html ---- to delete the file
vi index.html ---- Welcome! and save the file :wq

after this curl ip/host address.

curl 172.16.238.10

thanks

1 Like
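
A check for the two mistakes named in the earlier reply (a URL in server_name, a certificate path that does not exist) and for the private key location used in the steps above, as an added example that is not part of any post in this thread. The function name nginx_ssl_findings, the hostname app2.example.test and the temp-directory paths are made up for illustration.

```shell
#!/bin/sh
# Added example; nginx_ssl_findings, the hostname and the temp paths are constructed.
# Prints one line per problem in an nginx config file; prints nothing when clean.
# The body is a subshell so "set -f" (no globbing of names like *.example.test)
# and the variables stay local to the function.
nginx_ssl_findings() (
    set -f
    # Drop comments and the trailing ";" so each line reads "directive args".
    sed -e 's/#.*//' -e 's/;[[:space:]]*$//' "$1" | while read -r directive args; do
        case $directive in
        server_name)
            for name in $args; do
                case $name in
                *://*|*/*) echo "server_name '$name': use only the hostname or IP" ;;
                esac
            done ;;
        ssl_certificate|ssl_certificate_key)
            if [ ! -f "$args" ]; then
                echo "$directive '$args': no such file"
            elif [ "$directive" = ssl_certificate_key ] &&
                 [ "$(ls -ldL "$args" | cut -c5-10)" != "------" ]; then
                echo "$directive '$args': readable beyond its owner; chmod 600"
            fi ;;
        esac
    done
)

# Constructed sample: a temp tree standing in for /etc/ssl and /etc/nginx.
demo=$(mktemp -d)
mkdir -p "$demo/private"
: > "$demo/private/nautilus.key"
chmod 644 "$demo/private/nautilus.key"     # too open for a private key
cat > "$demo/nginx.conf" <<EOF
server {
    listen 443 ssl;
    server_name http://app2.example.test/;   # wrong: scheme and slash
    ssl_certificate     $demo/certs/nautilus.crt;   # wrong: never copied there
    ssl_certificate_key $demo/private/nautilus.key;
    root /usr/share/nginx/html;
}
EOF
nginx_ssl_findings "$demo/nginx.conf"
```

On the server, point the function at /etc/nginx/nginx.conf and follow it with nginx -t before restarting the service.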

How about listening on port 443 setting in nginx.conf file?

For some reason I am getting 403 Forbidden Message. Not Welcome!

Any clue what I might be missing?

Nevermind folks, completed the task successfully.

Turns out at /usr/share/nginx/html there exists a file index.html (in red color). At first deletion of this file wasn’t working and the edits made to this file wouldn’t save (gives error E166 can’t open linked file for writing). Therefore, I created index.html elsewhere (in /home/tony/data) and changed the nginx.conf file for root to point to the new location ( root /home/tony/data; ) where index.html was created. STILL I was getting 403 Forbidden.

Then I followed this article - https://tinyurl.com/y4oqrtag (Safe to open).

  • Ensured User nginx is owner of all directories in /usr/share/nginx
    #sudo chown -R nginx:nginx *

  • Ensured all directories (my case /html and /modules only) have permissions set to 755
    #sudo chmod 755 /html
    #sudo chmod 755 /modules

  • Tried to make sure all files in document root directory (/html) have permission set to 644
    #sudo chmod 644 *

  • Setting 644 yielded error:
    chmod: cannot operate on dangling symlink ‘index.html’ – The red file.

But at this stage (after setting directory owner and directory permissions) - using sudo rm index.html I was able to delete the red index.html file I was having trouble deleting initially.

Next I created new index.html with message Welcome! at location /usr/share/nginx/html/index.html using sudo vi /usr/share/nginx/html/index.html. This time it saved successfully.

Also ensured that in the nginx.conf file location for root was updated to original setting - ( root /usr/share/nginx/html; )

Amazing troubleshooting / reviewing article / finding solution / learning experience.

I am new to linux without any formal training or work related experience on linux. Took me 3 hours to solve, but enjoyed it.

Thanks Team KKE @mmumshad for this platform and to all the contributors in the community.

2 Likes
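
The two situations in the post above (the "red" index.html that is a dangling symlink, and a 403 after pointing root at a directory under /home) can be checked from the shell, as an added example that is not part of the thread. The function name docroot_findings and the temp tree are made up for illustration; it assumes the nginx worker user is neither owner nor group of the directories it walks.

```shell
#!/bin/sh
# Added example; docroot_findings and the sample tree are constructed here.
# Prints one line per problem that can make nginx answer 403 for DOCROOT/index.html.
docroot_findings() (
    docroot=$1
    index=$docroot/index.html
    if [ -L "$index" ] && [ ! -e "$index" ]; then
        # The "red" file: a symlink whose target does not exist.
        echo "$index: dangling symlink to '$(readlink "$index")'; rm it, then create a regular file"
    elif [ ! -e "$index" ]; then
        echo "$index: missing"
    elif [ "$(ls -ldL "$index" | cut -c8)" != r ]; then
        echo "$index: others cannot read it; chmod 644"
    fi
    # Assumption: the worker user (nginx) is neither owner nor group of these
    # directories, so it needs the "others" x bit on every level of the path.
    dir=$docroot
    while [ -n "$dir" ]; do
        case "$(ls -ldL "$dir" 2>/dev/null | cut -c10)" in
        x|t|'') ;;  # searchable (t = sticky plus x), or the path does not exist
        *) echo "$dir: others lack search (x) permission; chmod o+x" ;;
        esac
        case $dir in */*) dir=${dir%/*} ;; *) break ;; esac
    done
)

# Constructed reproduction of both situations from the thread, in a temp dir.
umask 022
tree=$(mktemp -d)
chmod 755 "$tree"                     # mktemp -d creates the directory as 700
mkdir -p "$tree/usr/share/nginx/html" "$tree/home/tony/data"
ln -s "$tree/usr/share/doc/HTML/index.html" "$tree/usr/share/nginx/html/index.html"
echo 'Welcome!' > "$tree/home/tony/data/index.html"
chmod 700 "$tree/home/tony"           # typical home directory mode
docroot_findings "$tree/usr/share/nginx/html"
docroot_findings "$tree/home/tony/data"
```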

Good work @arjitn. Appreciated :+1: :grinning: