Configuring Nginx for HTTPS Redirect

  • NOTES
    • If you already have nginx deployed, skip to the “Add a website for URL redirect” step.
  •  Assumptions
    • You have an Ubuntu 22.04 Linux server created
      • 4GB of RAM
      • 30GB of Drive Storage
  • Prerequisites
    • You have a DNS “A” record redirecting all subdomains to your machine.
      • For instance, if your domain is “example.com”, you need to create an A record of “*” to redirect everything to anysubdomain.example.com.
  • Download openssh (OPTIONAL)
    • This allows the user to ssh into the machine to allow for easier copying and pasting of commands
      • sudo -i
        • This puts the current terminal as a super user (can run commands as an admin).
      • apt-get update
        • Updates the current list of Linux packages.
      • apt-get upgrade
        • Upgrades all of the packages/updates the actual software
      • apt-get install openssh-server
        • This installs openssh so you can ssh to the Linux machine
    • Connect to the Linux machine via SSH (use putty or the cmd)
  • Install nginx
    • apt install nginx
      • This installs the nginx software and engine
    • systemctl status nginx
      • this will check the status of nginx, ensuring the it is running
  • Add a website for URL redirect
    • cd /etc/nginx/sites-available
    • nano yourwebsite.example.com
      • You will want this to actually be the URL you are redirecting. For instance, test.nationaltrail.us. “test” is the subdomain and “nationaltrail.us” is the domain we own.
    • Add the following configuration to the file
      • server {
        server_name test.nationaltrail.us;location / {
        proxy_pass http://10.10.8.112; # Point to test web server
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        }

        • This redirects “test.nationaltrail.us” to “http://10.10.8.112”
    • Link sites-available to sites-enabled
      • ln -s /etc/nginx/sites-available/test.nationaltrail.us /etc/nginx/sites-enabled
        • This creates a link from sites-available to sites-enabled to allow nginx to start redirecting/have access to the configuration
    • Test the configuration
      • nginx -t
        • This should have an output such as “the configuration is OK”
    • Restart the nginx service
      • systemctl reload nginx
    • You should now ab able to go to “test.nationaltrail.us” to go to the website located at “10.10.8.112”
  • Add Certbot and secure the site
    • At this point, you are only redirecting traffic, not adding an SSL certificate. This will add encryption to secure the site.
    • Install certbot and the nginx plugin
      • apt install certbot python3-certbot-nginx
    • Secure your website
      • certbot –nginx -d test.nationaltrail.us
    • Go through the installation process. This includes adding a notification email for certificate expiration AND choosing the option for REDIRECTING traffic to HTTPS. This is the second option if you are prompted for it.
    • Restart nginx
      • systemctl reload nginx
  • Connect to your website! It should be secured unless the web app requires further proxy configuration (refer to the webpages documentation for this possibility).

Leave a Reply

Your email address will not be published. Required fields are marked *