Introduction
This guide walks developers through the SSL Configuration feature in Empress. SSL, or Secure Sockets Layer, is a protocol for establishing encrypted links between a web server and a client. In Empress, it secures communication and data transfer between system components and protects user data in transit.
Required Files
To configure SSL, you will need an SSL certificate. This can either be obtained from a trusted Certificate Authority or self-generated. Note that for self-signed certificates, the browser will display a warning indicating that the certificate isn’t trusted.
You will need two files:
- Certificate (usually with extension .crt)
- Decrypted private key
Prerequisites
Before proceeding, ensure the following:
- Empress is set up for DNS Multitenancy.
- Your site can be accessed via a valid domain.
- You have root permissions on your server.
- You have a valid certificate from a trusted Certificate Authority or a Self-Signed Certificate.
If you don’t have a certificate, you can generate a Certificate Signing Request (CSR) with the command:
openssl req -new -newkey rsa:2048 -nodes -keyout mydomain.com.key -out mydomain.com.csr
Once the CSR is generated, you can upload it to your Certificate Authority to generate a valid certificate. If you have multiple certificates (primary and intermediate), concatenate them into a single bundle, with your own certificate first, as follows:
cat your_certificate.crt CA.crt >> certificate_bundle.crt
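Ensure that your private key is readable only by the root user. The commands below call the key file private.key; if you generated it with the CSR command above, it is named mydomain.com.key, so rename it or substitute that name: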
chown root private.key
chmod 600 private.key
Moving Files and Setting Up Nginx
Next, move the certificate and private key files to an appropriate location:
mkdir /etc/nginx/conf.d/ssl
mv private.key /etc/nginx/conf.d/ssl/private.key
mv certificate_bundle.crt /etc/nginx/conf.d/ssl/certificate_bundle.crt
Set the paths to the certificate and private key for your site:
bench set-ssl-certificate site1.local /etc/nginx/conf.d/ssl/certificate_bundle.crt
bench set-ssl-key site1.local /etc/nginx/conf.d/ssl/private.key
Generate the Nginx configuration:
bench setup nginx
Finally, reload Nginx:
sudo service nginx reload
or
systemctl reload nginx # for CentOS 7
After completing these steps, all HTTP traffic will be redirected to HTTPS.
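The script below is an added example, not part of Empress or bench: a pre-flight check for the two files used in the steps above, to run before `bench setup nginx`. It confirms that the key is decrypted, that it matches the first certificate in the bundle, and that it has no group or other permissions and is owned by root. The function names are illustrative, and it assumes a Linux host with openssl and GNU stat.

```shell
#!/bin/sh
# Added example: checks to run on the key and bundle before `bench setup nginx`.
# Function names are illustrative; assumes Linux with openssl and GNU stat.

# The key must be the decrypted form: no passphrase wrapper, and it must parse.
key_is_unencrypted() {
  [ -r "$1" ] || return 1
  if grep -q 'ENCRYPTED' "$1"; then return 1; fi
  openssl pkey -in "$1" -noout </dev/null 2>/dev/null
}

# The key must belong to the FIRST certificate in the bundle, which is the
# site's own certificate because it is concatenated before CA.crt.
key_matches_cert() {
  key_pub=$(openssl pkey -in "$1" -pubout -passin pass: </dev/null 2>/dev/null) || return 1
  crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# No group/other permission bits (600 or 400) and owned by the expected uid
# (default 0, i.e. root).
key_perms_ok() {
  mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
  owner=$(stat -c '%u' "$1" 2>/dev/null) || return 1
  case "$mode" in
    ?00) [ "$owner" = "${2:-0}" ] ;;
    *)   return 1 ;;
  esac
}

# Run every check, report each failure, return non-zero if any failed.
# Arguments: KEY BUNDLE [EXPECTED_OWNER_UID]
preflight() {
  rc=0
  key_is_unencrypted "$1" || { echo "FAIL: $1 is encrypted or not a valid private key" >&2; rc=1; }
  key_matches_cert "$1" "$2" || { echo "FAIL: $1 does not match the first certificate in $2" >&2; rc=1; }
  key_perms_ok "$1" "${3:-0}" || { echo "FAIL: $1 must have no group/other access and be owned by uid ${3:-0}" >&2; rc=1; }
  return "$rc"
}

# Usage: sh preflight.sh /etc/nginx/conf.d/ssl/private.key /etc/nginx/conf.d/ssl/certificate_bundle.crt
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

A mismatch reported by the second check usually means the bundle was concatenated in the wrong order or the key belongs to a different CSR.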
Conclusion
SSL Configuration is a fundamental aspect of the development and customization of business solutions. It ensures secure communication and data transfer within your Empress applications, providing a crucial layer of security. By following this guide, you will be able to implement and manage SSL configuration in your Empress applications.