How to Set Up HTTPS and Rewrite Rules in Nginx: A Step‑by‑Step Guide
This tutorial walks through creating a self‑signed CA, generating keys and CSR, signing certificates, configuring nginx.conf for SSL, using the rewrite module, setting up fastcgi with PHP‑FPM, and testing the entire HTTPS setup on a Linux server.
1. Configure HTTPS Site
1. Create a self‑signed CA
(1) Generate private key
mkdir -p /etc/pki/CA/private
umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 4096
ll /etc/pki/CA/private/(2) Generate self‑signed certificate
openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out cacert.pem -days 7300(3) Prepare CA directories and files
touch /etc/pki/CA/index.txt
echo 01 > /etc/pki/CA/serial
ll /etc/pki/CACA creation completed.
2. Certificate Request
(1) Generate private key on the target host
cd /etc/nginx/
mkdir ssl
cd ssl
umask 077; openssl genrsa -out nginx.key 2048
ll(2) Create a certificate signing request (CSR) openssl req -new -key nginx.key -out nginx.csr -days 365 (3) Sign the CSR with the CA
openssl ca -in /etc/nginx/ssl/nginx.csr -out /etc/nginx/ssl/nginx.crt -days 365If the signing fails, ensure the CA certificate and key paths are correct, e.g.:
openssl req -new -key /etc/pki/CA/private/cakey.pem -days 365 -x509 -out /etc/pki/CA/cacert.pem3. Configure nginx.conf
Edit the main configuration file: vim /etc/nginx/nginx.conf Add the SSL settings, point to the generated key and certificate, and include any required rewrite rules.
Reload and test the server:
nginx -t
systemctl restart nginx4. Nginx rewrite module (important)
Official documentation: ngx_http_rewrite_module
Syntax: rewrite regex replacement [flag]; Key points:
If replacement starts with http:// or https://, Nginx issues a redirect.
Multiple rewrite rules in the same location are processed top‑to‑bottom; [flag] can stop further processing.
Common flags: last (stop current location processing), break, redirect (302), permanent (301).
Additional directives:
if : usable only inside server or location blocks for conditional configuration.
Condition operators: ==, !=, ~ (case‑sensitive regex), ~* (case‑insensitive), !~, !~*.
File tests: -f, -e, -d, -x (and their negations).
return : return code;, return code url;, return url;.
gzip : compression settings such as gzip_comp_level, gzip_min_length, gzip_http_version, gzip_types.
5. FastCGI module (LNMP stack)
Install PHP with FPM support: yum -y install php-fpm php-mysql php-mbstring php-gd php-xml Start the service: systemctl start php-fpm.service Configure nginx.conf to pass PHP requests to PHP‑FPM via fastcgi_params:
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}Test with a simple info.php file placed in /web/html: <?php phpinfo(); ?> Access the file through the browser to verify PHP‑FPM integration.
For additional configuration options, refer to the official Nginx documentation.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
MaGe Linux Operations
Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.