Issuing SSL Certificate

SSL certificate on : dashboardapi.hicare.in

Steps:

  1. Use the given command on linux server: 

openssl req -new -newkey rsa:2048 -nodes -keyout dashboardapi_hicare_in.pem -out dashboardapi_hicare_in.csr -subj /CN=dashboardapi.hicare.in; cat dashboardapi_hicare_in.csr

  1. Download the zip file.

  2. Copy file local host to server.

sudo scp -i 'Dashboard Server Key.pem' 'dashboardapi.hicare.in_cert.zip' ubuntu@15.207.50.230:/home/ubuntu/

  1. Now unzip the file:

unzip 'dashboardapi.hicare.in_cert.zip' -d ./dashboardapi.hicare.in_cert

  1. Copy all files of the folder to /etc/ssl/ :

cd dashboardapi.hicare.in_cert
sudo cp -r * /etc/ssl/

  1. Now go to the path: /etc/ssl/ : 

cd /etc/ssl/
cat dashboardapi.hicare.in.crt dashboardapi.hicare.in.ca-bundle >> ssl-bundle.crt

  1. Now, go to the config nginx default file.

cd /etc/nginx/sites-available/
mv default default2
sudo nano default
server {
    listen 80;
    listen        443 ssl; #better to use this
    server_name   dashboardapi.hicare.in;

#ssl on; #ssl on is deprecated now.

ssl_certificate /etc/ssl/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/dashboardapi_hicare_in.pem;

#global http handler

if ($scheme = http){
return 301 https://dashboardapi.hicare.in$request_uri;
}

ssl_stapling on;
ssl_stapling_verify on;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    location /omdashboard/ {
        proxy_pass         http://127.0.0.1:5000/;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }

    location /rmdashboard/ {
        proxy_pass         http://127.0.0.1:5001/;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }

    location /portalapi/ {
        proxy_pass         http://127.0.0.1:5002/;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}

  1. Changes here in configuration: 

    listen        443 ssl;
    server_name   dashboardapi.hicare.in;
    
    

if ($scheme = http){
return 301 https://dashboardapi.hicare.in$request_uri;
}

ssl_stapling on;
ssl_stapling_verify on;
sudo nginx -t
sudo nginx -s reload
sudo systemctl restart nginx
PreviousPrometheus alert rulesNextConfig sysinfo-web

Last updated