I used NGINX for my Node.js server to install a proxy server for reverse port binding.
After that, I created an SSL certificate using this tutorial.
This is my nginx status:
```
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2023-03-03 07:52:25 UTC; 16s ago
  Process: 21031 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
  Process: 21028 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
  Process: 21026 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
 Main PID: 21033 (nginx)
   CGroup: /system.slice/nginx.service
           ├─21033 nginx: master process /usr/sbin/nginx
           ├─21034 nginx: worker process
           └─21035 nginx: worker process

Mar 03 07:52:25 ip-MY-IP.eu-south-1.compute.internal systemd[1]: Starting The nginx HTTP and reverse proxy server...
Mar 03 07:52:25 ip-MY-IP.eu-south-1.compute.internal nginx[21028]: nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/sites-available/gestionale.conf:23
Mar 03 07:52:25 ip-MY-IP.eu-south-1.compute.internal nginx[21028]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Mar 03 07:52:25 ip-MY-IP.eu-south-1.compute.internal nginx[21028]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Mar 03 07:52:25 ip-MY-IP.eu-south-1.compute.internal nginx[21031]: nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/sites-available/gestionale.conf:23
Mar 03 07:52:25 ip-MY-IP.eu-south-1.compute.internal systemd[1]: Started The nginx HTTP and reverse proxy server.
```
And this is my included conf file:
```
server
{
    listen 443;
    server_name my-host.com;
    #root /usr/share/nginx/www; index index.html index.htm;
    ssl on;
    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        #location /overview {
        #    proxy_pass http://127.0.0.1:3000$request_uri;
        #    proxy_redirect off;
        #}
    }
}
```
The result is this:
it means "dangerous"
and this
it means "Deceptive site in sight
Malicious users on the my-host.com site may trick you into doing dangerous things, such as installing software or revealing personal information (such as passwords, phone numbers, or credit cards)."
What did I do wrong, and how can I resolve it?
Another question is this:
I also tried to use an AWS certificate, creating a DNS pool and adding the CNAMEs of the certificate, using a load balancer where I included the certificate on the HTTPS listener and added a redirect to HTTPS on the HTTP listener.
2 Answers
The guide that you linked shows you how to create a self-signed certificate; that means that the certificate you have is not signed by a known CA.
In short, you need a certificate that has been signed by a third party that is trusted by your OS / browser (depending on which trust store is being used).
You could buy a certificate from some known third party, e.g. Comodo or DigiCert.
But if you don’t want to buy anything, I’d recommend looking into Let’s Encrypt: https://letsencrypt.org/docs
And generate one using them that’s free.
You have installed a self-signed certificate; it’s better to use Let’s Encrypt. It’s a free certificate authority.
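
Added example, not part of either answer: a shell check for the distinction both answers draw, reporting whether a certificate is self-signed and whether it chains to a CA in the system trust store. It assumes the `openssl` CLI is installed; the helper names and the throwaway certificate for `my-host.com` are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not code from the thread. Requires the openssl CLI.

# Constructed sample: a throwaway self-signed certificate like the one a
# self-signed tutorial produces. The CN is the placeholder host from the question.
make_self_signed() {   # $1 = output directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=my-host.com" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# Prints "self-signed" when subject and issuer are the same name,
# otherwise "ca-issued". Returns 2 if the file cannot be parsed.
cert_kind() {          # $1 = PEM certificate (first cert in the file is used)
    local subject issuer
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 2
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253) || return 2
    if [ "${subject#*=}" = "${issuer#*=}" ]; then
        echo self-signed
    else
        echo ca-issued
    fi
}

# Prints "trusted" only when the certificate chains to a CA in the system
# trust store (browsers may use their own store). Passing the same file as
# -untrusted lets a full-chain file supply its own intermediate certificates.
trust_status() {       # $1 = PEM certificate or full chain
    if openssl verify -untrusted "$1" "$1" 2>/dev/null | grep -q ': OK$'; then
        echo trusted
    else
        echo untrusted
    fi
}

# Demo on the constructed certificate.
if command -v openssl >/dev/null 2>&1; then
    tmp=$(mktemp -d)
    make_self_signed "$tmp" &&
        echo "$(cert_kind "$tmp/server.crt") / $(trust_status "$tmp/server.crt")"
    rm -rf "$tmp"
fi
```

Pointing `cert_kind` and `trust_status` at the file named in `ssl_certificate` shows which case the server is in before a browser does.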