This is actually very simple: we create a certificate and key using openssl and then set up our nginx server block.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/selfsigned.key -out /etc/ssl/certs/selfsigned.crt
This will generate a key and certificate that we can then use in nginx. We will be prompted for a few bits of information; the key part is to set the Common Name to the IP address we are securing.
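# Redirect all plain-HTTP requests to HTTPS on the secured IP address
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 301 https://192.168.7.41$request_uri;
}

# HTTPS server using the self-signed certificate and key generated above
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name _;
    root /usr/share/nginx/html;
    ssl_certificate /etc/ssl/certs/selfsigned.crt;
    ssl_certificate_key /etc/ssl/selfsigned.key;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is enabled;
    # add TLSv1.3 if your nginx/OpenSSL build supports it
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        ...
    }
}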
Now we have our nginx service using our self-signed certificate.
> sudo nginx -t
We make sure our nginx configuration is still syntactically correct.
> sudo service nginx restart
Voila! We should now be able to navigate to our IP address and get a security warning about an untrusted certificate. Now we can allow the certificate and continue working away!
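The certificate step above, as an added example that is not part of the original post: TLS clients match an IP address against the certificate's subjectAltName rather than the Common Name, so this sketch issues the certificate non-interactively with an IP SAN, checks that the IP matches, and prints the SHA-256 fingerprint to compare with the one the browser shows before allowing the certificate. The function names and the temporary output directory are assumptions; `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumes OpenSSL 1.1.1+ for -addext; writes to a directory you pass in
# instead of /etc/ssl so it can be tried without root.

make_ip_cert() {
    ip="$1"; outdir="$2"
    # umask 077 in a subshell so the private key is never group/world readable.
    ( umask 077
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
          -subj "/CN=$ip" \
          -addext "subjectAltName = IP:$ip" \
          -keyout "$outdir/selfsigned.key" \
          -out "$outdir/selfsigned.crt" 2>/dev/null )
}

cert_has_ip_san() {
    # Succeeds only when the certificate is valid for this IP address.
    # IP checks use subjectAltName only; the Common Name is not consulted.
    openssl x509 -in "$1" -noout -checkip "$2" 2>&1 \
        | grep -q "does match certificate"
}

cert_fingerprint() {
    # Colon-separated SHA-256 fingerprint, as shown in browser cert viewers.
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Demo in a throwaway directory, using the IP address from the post.
tmp=$(mktemp -d)
make_ip_cert 192.168.7.41 "$tmp" \
    && cert_has_ip_san "$tmp/selfsigned.crt" 192.168.7.41 \
    && echo "IP SAN ok, SHA-256: $(cert_fingerprint "$tmp/selfsigned.crt")"
rm -rf "$tmp"
```

Run `cert_fingerprint` on the server's certificate file and compare the value with the fingerprint in the browser's certificate details before allowing it.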