Installing and Configuring NGINX with SSL on Red Hat Enterprise Linux

Prerequisites

Ensure you have root or sudo privileges on a Red Hat Enterprise Linux 9 or CentOS Stream system.

Configuring the NGINX Repository

Install the yum utilities package to manage repositories:

sudo dnf install -y yum-utils

Create the official NGINX repository configuration file:

sudo tee /etc/yum.repos.d/nginx.repo <<'EOF'
[nginx-stable]
name=NGINX Stable Repository
baseurl=https://nginx.org/packages/rhel/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=NGINX Mainline Repository
baseurl=https://nginx.org/packages/mainline/rhel/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
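
An added example, not part of the original guide: a small shell audit for .repo files such as the one above. It flags sections where package signature checking is off, the signing key is not fetched over https or file, or the baseurl is plain http; the function name audit_repo and the sample sections are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). audit_repo FILE prints one
# "<section>: <problem>" line per finding and returns non-zero if any exist.
# Assumption: repositories use baseurl (as nginx.repo does), not mirrorlist.
audit_repo() {
    awk '
    BEGIN { bad = 0 }
    function report(msg) { print sec ": " msg; bad = 1 }
    function check() {
        if (sec == "") return
        if (tolower(v["gpgcheck"]) !~ /^(1|yes|true)$/) report("gpgcheck is not enabled")
        if (v["gpgkey"] !~ /^(https|file):\/\//) report("gpgkey missing or not https/file")
        if (v["baseurl"] !~ /^https:\/\//) report("baseurl is not https")
    }
    /^[ \t]*([#;]|$)/ { next }            # skip blank lines and comments
    /^\[/ {                               # new [section]: judge the previous one
        check(); split("", v)
        sec = substr($0, 2, index($0, "]") - 2); next
    }
    {                                     # key=value line inside a section
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        v[key] = val
    }
    END { check(); exit bad }
    ' "$1"
}

# Constructed sample: one hardened section and one weak one (placeholder host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[example-ok]
baseurl=https://nginx.org/packages/rhel/$releasever/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key

[example-weak]
baseurl=http://repo.example.invalid/rhel/$releasever/$basearch/
gpgcheck=0
EOF
audit_repo "$sample" || echo "audit failed: fix the sections listed above"
rm -f "$sample"
```

Run it as audit_repo /etc/yum.repos.d/nginx.repo before the first dnf install from a new repository.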

Installation and Service Management

Install the NGINX package:

sudo dnf install -y nginx

Enable the service to start on boot and start it immediately:

sudo systemctl enable --now nginx

Control NGINX with signals, and test the configuration syntax before reloading:

# Graceful shutdown
sudo nginx -s quit

# Reload configuration without downtime
sudo nginx -s reload

# Test configuration syntax
sudo nginx -t

Key Directory Structure

  • Main configuration: /etc/nginx/nginx.conf
  • Binary executable: /usr/sbin/nginx
  • Default document root: /usr/share/nginx/html
  • SSL certificates: /etc/pki/tls/certs/
  • Private keys: /etc/pki/tls/private/
  • Process ID: /run/nginx.pid

SSL Certificate Preparation

Place your certificate and private key in the appropriate directories:

sudo cp your_domain.crt /etc/pki/tls/certs/
sudo cp your_domain.key /etc/pki/tls/private/
sudo chmod 600 /etc/pki/tls/private/your_domain.key

HTTPS Server Configuration

Edit the main configuration file:

sudo nano /etc/nginx/nginx.conf

Example configuration implementing HTTP to HTTPS redirection:

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /run/nginx.pid;

events {
    worker_connections 2048;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    
    access_log /var/log/nginx/access.log main;
    
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 60;
    
    # HTTP server - redirect to HTTPS
    server {
        listen 80;
        listen [::]:80;
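        # Name the site explicitly: with "server_name _;" the $server_name
        # variable expands to "_" and the redirect points at https://_/
        server_name your_domain.com www.your_domain.com;
        return 301 https://$host$request_uri;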
    }
    
    # HTTPS server
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name your_domain.com www.your_domain.com;
        
        root /usr/share/nginx/html;
        index index.html index.htm;
        
        ssl_certificate /etc/pki/tls/certs/your_domain.crt;
        ssl_certificate_key /etc/pki/tls/private/your_domain.key;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        
        location / {
            try_files $uri $uri/ =404;
        }
    }
}

Applying Configuration Changes

Validate the configuration and reload NGINX:

sudo nginx -t
sudo systemctl reload nginx

Tags: nginx ssl-certificate https-configuration rhel centos

Posted on Sun, 17 May 2026 11:32:36 +0000 by bodzan