Wednesday, September 14, 2022

HTTPS setup in Nginx

1.  Install the Nginx server and the required packages.

apt-get update

apt-get install nginx openssl

2. Create a private key and the website certificate using the OpenSSL command.


mkdir /etc/nginx/certificate

cd /etc/nginx/certificate

openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out nginx-certificate.crt -keyout nginx.key

3. At the Common Name prompt, enter the IP address or hostname of the server.

4.  nginx config before the changes

server {

        listen 80 default_server;

        listen [::]:80 default_server;

        root /var/www/html;

        index index.html index.htm index.nginx-debian.html;

        server_name _;

        location / {

                try_files $uri $uri/ =404;

        }

}

nginx config after the changes

server {

        listen 443 ssl default_server;

        listen [::]:443 ssl default_server;

        ssl_certificate /etc/nginx/certificate/nginx-certificate.crt;

        ssl_certificate_key /etc/nginx/certificate/nginx.key;

        root /var/www/html;

        index index.html index.htm index.nginx-debian.html;

        server_name _;

        location / {

                try_files $uri $uri/ =404;

        }

}
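Steps 2 and 3 as a non-interactive script, added here as an example and not part of the original post: it sets the subjectAltName (which current browsers check instead of the Common Name), keeps the unencrypted key at mode 600, and verifies that key and certificate belong together. It assumes OpenSSL 1.1.1 or later (for -addext) and GNU stat; the function names are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example: step 2 without prompts, plus the checks worth running
# before pointing nginx at the files. Function names are illustrative.

# san_for HOST: subjectAltName entry for a hostname or an IP address.
san_for() {
    case $1 in
        *:*)       echo "IP:$1"  ;;   # IPv6 literal
        *[!0-9.]*) echo "DNS:$1" ;;   # contains non-digits: a hostname
        *)         echo "IP:$1"  ;;   # digits and dots: IPv4
    esac
}

# make_cert DIR HOST: write nginx.key and nginx-certificate.crt into DIR.
make_cert() {
    mkdir -p "$1" || return 1
    (
        umask 077   # the unencrypted (-nodes) key is never group/world readable
        openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes \
            -subj "/CN=$2" -addext "subjectAltName=$(san_for "$2")" \
            -out "$1/nginx-certificate.crt" -keyout "$1/nginx.key"
    ) || return 1
    chmod 600 "$1/nginx.key"
}

# check_pair DIR: succeed only if the key belongs to the certificate, the
# key is mode 600, and the certificate has not expired.
check_pair() {
    crt=$1/nginx-certificate.crt; key=$1/nginx.key
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "key/certificate mismatch" >&2; return 1; }
    [ "$(stat -c %a "$key")" = 600 ] || { echo "key is not mode 600" >&2; return 1; }
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
        { echo "certificate expired" >&2; return 1; }
}

# cert_san DIR: print the subjectAltName value stored in the certificate.
cert_san() {
    openssl x509 -in "$1/nginx-certificate.crt" -noout -text |
        grep -A1 'Subject Alternative Name' | sed -n '2{s/^ *//;s/ *$//;p;}'
}
```

Once `check_pair /etc/nginx/certificate` succeeds, `nginx -t` validates the edited configuration before a reload.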

Tuesday, September 13, 2022

Nginx rewrite rules configuration

 The rewrite Directive



rewrite regex URL [flag];

e.g.:

rewrite ^ $request_uri;

server {

    # ...

    rewrite ^(/download/.*)/media/(\w+)\.?.*$ $1/mp3/$2.mp3 last;

    rewrite ^(/download/.*)/audio/(\w+)\.?.*$ $1/mp3/$2.ra  last;

    return  403;

    # ...

}

Explanation:

-> It matches URLs that begin with the string /download

-> and then include the /media/ or /audio/ directory somewhere later in the path.

-> It replaces those elements with /mp3/ and adds the appropriate file extension, .mp3 or .ra

Example:

/download/cdn-west/media/file1 becomes /download/cdn-west/mp3/file1.mp3. 

If there is an extension on the filename (such as .flv), the expression strips it off and replaces it with .mp3

Setting up secure custom domain in CloudFront



-> Obtain an SSL Certificate within Certificate Manager.

Note that this lets us serve content over HTTPS; it is a service Amazon provides for free, and Amazon also takes care of renewal.
Also, within the Certificate Manager service, make sure the region you have selected is the same as the one the certificate was created in.

-> List all your Alternate Domain Names in the CloudFront distribution settings.

-> Reference the SSL Certificate you created. Check the Custom SSL Certificate (example.com) option and pick your SSL Certificate from the list.
Note that the Alternate Domain Names must match those you specified in the SSL Certificate provisioning request, so if you don't see your certificate in the list, that is probably the reason.

-> In your domain's hosted zone in Route 53, select Create Record Set.
Create it as an A record for IPv4 and select the Alias option, with the CloudFront distribution as the target.

Point to note: HTTPS is handled at the CloudFront level. CloudFront can pass the request on to an ALB, which handles HTTPS again and then uses HTTP when hitting backend/downstream services.
That is all we need to access mycustom-domain.com  on https via cloudfront.