Ubuntu 16.04: Install SSL on Nginx and Tomcat 7

by Didin J. on Feb 04, 2017 Ubuntu 16.04: Install SSL on Nginx and Tomcat 7

Easy way how to install SSL on Nginx and Tomcat 7 inside Ubuntu 16.04 Server that will make Nginx and Tomcat 7 more proven and confidence.

Tutorial of Ubuntu 16.04: Install SSL on Nginx and Tomcat 7 for the production server. This additional of SSL certificate will make the combination of Nginx and Tomcat 7 more proven and confidence.

This article is part of the previous article for installing Nginx as a reverse proxy of tomcat 7 and java 8. Every website or web application that concern with user data transfer security needs to install SSL. No exception for a web application that deployed on Tomcat 7. Honestly, there are so many lacks for installing SSL directly on Tomcat 7, that's why we put Tomcat 7 on the back of Nginx HTTP server. With this, installing SSL more simple in Nginx without changing anything in Tomcat 7 side. For that, let's get started.

1. Prepare SSL Certificates

We assumed that you already have SSL certificate from SSL provider as GoDaddy, GeoTrust, Commodore, RapidSSL, etc. Usually, you will get 4 files there are "yourdomain-root.crt", "yourdomain-bundle.crt", "yourdomain.csr" and "yourdomain.key". In Nginx, we only use 2 files. Now connect to your Ubuntu VPS using ssh or putty.

If your server use as API server for Android apps, you should create an intermediate certificate by using this command to joining root and bundle certificates.

cat yourdomain-root.crt yourdomain-bundle.crt >> ssl-bundle.crt

After that, create a new folder in Nginx folder.

sudo mkdir /etc/nginx/ssl

Then copy "ssl-bundle.crt" and yourdomain.key to that folder.

sudo cp ssl-bundle.crt /etc/nginx/ssl/
sudo cp yourdomain.key /etc/nginx/ssl/

You should set permission for both files too.

sudo chmod 600 /etc/nginx/ssl/*

2. Configure Nginx to Enabled SSL

To make all request redirect to HTTPS, open Nginx configuration file with your favorite text editor.

sudo nano /etc/nginx/sites-enabled/default

Then add this lines above default server section.

server {
    listen   80;
    listen   [::]:80;

    server_name www.yourdomain.com;

    return 301 https://$server_name$request_uri;

Inside server section under newly added makes it like this.

server {
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;

        root /var/lib/tomcat7/webapps/yourtomcatapp-0.1;

        index index.html index.htm index.nginx-debian.html;

        server_name www.yourdomain.com;

        ssl on;
        ssl_certificate /etc/nginx/ssl/ssl-bundle.crt;
        ssl_certificate_key /etc/nginx/ssl/yourdomain.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
        ssl_prefer_server_ciphers on;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                # try_files $uri $uri/ =404;
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Real-IP $remote_addr;

Save it and quit text editor then reload or restart Nginx.

sudo service nginx restart

Now, your server is ready for serving your client request using SSL or HTTPS.

That so simple install SSL on Nginx and Tomcat 7.