Adding SSL via NGINX
This section will guide you through setting up SSL via NGINX so you can query the SuperTokens Core with a secure connection.
important
- This guide assumes you have already installed NGINX on your server.
- For the example given below we will be running the SuperTokens core on domain
localhost
and port3567
#
1. Reverse Proxy the SuperTokens Core with NGINXThe SuperTokens core does not support SSL so we need to use NGINX as a reverse proxy to setup a secure connection.
We can start by opening the default NGINX site config file in a code editor. This file can be found at :
- Linux:
/etc/nginx/sites-available/default
. - Mac:
/usr/local/etc/nginx/sites-available/default
. - Windows:
C:\nginx\conf\nginx.conf
.
In the config you want to scroll down to the server
directive.
By default it should look like this:
/etc/nginx/sites-available/defaultserver {
listen 80;
server_name localhost;
...
}We can now configure the
server
directive by adding thelocation
directive with the following values:/etc/nginx/sites-available/defaultserver {
listen 80;
server_name localhost;
location / {
proxy_pass http://localhost:3567;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
The location
directive tells NGINX what to do with the incoming request, proxy_pass
will point the redirect to localhost:3567
You can now test and apply the changes to the NGINX by running the following command:
nginx -t && service nginx restart
We can use the /hello
api of the SuperTokens core to test the connection.
Navigate to http://localhost/hello
and check if it gives a valid response from the core.
#
2. Setting up SSLWe now need to obtain a digital certificate to enable a secure connection with a users browser.
We are going to be using a self signed certificates since we are developing locally, but, you can also use a certificate autorities like Let's Encrypt to generate valid certificates.
Run the following command to generate a self signed certificate using OpenSSL:
openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/server.key -out /etc/nginx/ssl/server.crt
You can set the values
ssl_certificate
andssl_certificate_key
in the NGINX config to specify the locations of the newly generated certificates./etc/nginx/sites-available/defaultserver {
listen 80;
listen 443 ssl;
server_name localhost;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}Run the test and resetart commands to test and apply your changes:
nginx -t && service nginx restart