Next, we should install a certificate to be able to use SSL. To create a self-signed certificate, use these commands:
$ sudo mkdir /etc/nginx/ssl && cd /etc/nginx/ssl $ sudo openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem \-days 365 -nodes $ sudo chmod a-wx * # make files read only $ sudo chown www-data:root * # access only to www-data group
This creates an ssl/ directory inside the /etc/nginx/ directory and creates a passwordless self-signed SSL certificate. When running the openssl command, some additional information will be asked and a certificate and key files are generated. Finally, the ownership of these files is given to the www-data user used to run the web server.