Tổng đài tư vấn: 033 688 8648
Hotline: 039 511 6390
In case you only use a local domain, you cannot use Let's Encrypt because they require authenticating the actual domain on the internet. Instead, you can create a self-signed SSL certificate for use in a development environment or intranet.
Below are the steps to create a self-signed SSL certificate and configure Nginx to use this certificate.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout selfsigned.key -out selfsigned.crt
In there:
-days 365: Certificate validity (365 days).
-keyout selfsigned.key: Name of the private key file.
-out selfsigned.crt: Name of the certificate file.
When running the above command, openssl will ask you to fill in some information. You can skip it or fill it in yourself as you like for internal purposes.
Add the following configuration to Nginx's configuration file:
server {
listen 80;
listen [::]:80;
listen 443 ssl;
server_name localhost.vn;
index index.php index.html index.htm;
root /var/www/html;
ssl_certificate /etc/letsencrypt/selfsigned.crt;
ssl_certificate_key /etc/letsencrypt/selfsigned.key;
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass wordpress:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location ~ /\.ht {
deny all;
}
location = /favicon.ico {
log_not_found off; access_log off;
}
location = /robots.txt {
log_not_found off; access_log off; allow all;
}
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
}
sudo systemctl reload nginx