How to Configure SSL on OpenSUSE Server with Cloudflare and Nginx
Securing your OpenSUSE server with SSL is crucial for protecting data and ensuring secure connections. By leveraging Cloudflare’s free SSL services, you can simplify this process while enhancing performance and security. This guide will focus on configuring SSL for Nginx on an OpenSUSE server using Cloudflare.
Prerequisites
- A Domain Name: Ensure your domain is registered and connected to Cloudflare.
- OpenSUSE Server: A running instance of OpenSUSE with root or sudo access.
- Cloudflare Account: An active account with your domain added to Cloudflare.
- Nginx Installed: Nginx must be installed and running on your server.
WARNING: Before proceeding with these steps, it is highly recommended to back up all critical files and configurations on your server. This ensures that you can restore your system in case something goes wrong during the setup process.
Install steps
Step 1: Update Your OpenSUSE Server
Start by updating your server packages:
sudo zypper refresh
sudo zypper update
Restart the server if necessary:
sudo reboot
Step 2: Install Nginx
If Nginx is not already installed, you can install it using:
sudo zypper install nginx
Start and enable Nginx to run on boot:
sudo systemctl start nginx
sudo systemctl enable nginx
Step 3: Configure Cloudflare SSL
- Log in to your Cloudflare account.
- Navigate to the SSL/TLS section in the dashboard.
- Set the SSL/TLS encryption mode to Full or Full (Strict). The “Full (Strict)” mode ensures a secure connection between Cloudflare and your server using a valid certificate.
Step 4: Generate an Origin Certificate in Cloudflare
- In the SSL/TLS section, go to Origin Server.
- Choose "Let Cloudflare generate a private key and a CSR" (RSA 2048), set Certificate Validity to 15 years, and click Create.
- Copy the certificate and private key provided by Cloudflare.
Step 5: Install the Origin Certificate on OpenSUSE
Save the certificate and private key to your server:
sudo mkdir -p /etc/ssl/cloudflare
sudo nano /etc/ssl/cloudflare/origin.pem
Paste the certificate content and save the file.
sudo nano /etc/ssl/cloudflare/origin.key
Paste the private key content and save the file.
Set appropriate permissions:
sudo chmod 600 /etc/ssl/cloudflare/origin.key
sudo chmod 644 /etc/ssl/cloudflare/origin.pem
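Pasting PEM text through an editor makes it easy to truncate a block or pair the wrong key with the certificate, so it is worth checking the two files before pointing Nginx at them. The script below is an added example, not part of the original guide; the function name check_origin_pair and its exit codes are assumptions of this example, and it needs the openssl CLI and GNU stat.

```sh
#!/bin/sh
# Added example: sanity-check the origin certificate and key from Step 5.
# check_origin_pair and its exit codes are this example's own convention.
# Exit codes: 0 ok, 1 key/cert mismatch, 2 unreadable PEM, 3 loose key mode,
#             4 certificate already expired.

check_origin_pair() {
    cop_cert=$1
    cop_key=$2

    # Extract the public key from each file; a truncated paste fails here.
    cop_cert_pub=$(openssl x509 -in "$cop_cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse certificate: $cop_cert" >&2; return 2; }
    cop_key_pub=$(openssl pkey -in "$cop_key" -pubout 2>/dev/null) || {
        echo "cannot parse private key: $cop_key" >&2; return 2; }

    # Nginx refuses to start if the key does not belong to the certificate.
    if [ "$cop_cert_pub" != "$cop_key_pub" ]; then
        echo "private key does not match certificate" >&2; return 1
    fi

    # The key must not be readable by group or others (chmod 600 above).
    cop_mode=$(stat -c '%a' "$cop_key") || return 2
    case "$cop_mode" in
        600|400) ;;
        *) echo "key mode is $cop_mode, expected 600" >&2; return 3 ;;
    esac

    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$cop_cert" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "certificate has expired" >&2; return 4; }

    echo "origin certificate and key look consistent"
}

# Run against real files when two paths are given on the command line.
if [ "$#" -eq 2 ]; then
    check_origin_pair "$1" "$2"
fi
```

Saved under a name of your choice (check_origin.sh here is hypothetical), it can be run as: sudo sh check_origin.sh /etc/ssl/cloudflare/origin.pem /etc/ssl/cloudflare/origin.key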
Step 6: Configure Nginx for SSL
Edit the Nginx configuration file for your domain:
sudo nano /etc/nginx/conf.d/your-domain.conf
Add the following configuration:
# Redirect all plain-HTTP requests to HTTPS.
server {
    listen 80;
    server_name your-domain.com www.your-domain.com;
    return 301 https://$host$request_uri;
}

# HTTPS server block using the Cloudflare origin certificate.
server {
    listen 443 ssl;
    server_name your-domain.com www.your-domain.com;

    # Certificate and private key saved in Step 5.
    ssl_certificate /etc/ssl/cloudflare/origin.pem;
    ssl_certificate_key /etc/ssl/cloudflare/origin.key;

    # Allow only TLS 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384";

    root /var/www/html;
    index index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
}
Save and exit the file.
Test the Nginx configuration:
sudo nginx -t
If there are no errors, restart Nginx:
sudo systemctl restart nginx
Step 7: Verify the SSL Configuration
- Use an SSL checker tool to ensure the certificate is properly installed.
- Access your website using https://your-domain.com to verify the secure connection.
FAQs
Why use Cloudflare’s SSL instead of a traditional SSL provider?
Cloudflare’s SSL is free and provides additional features like DDoS protection, content caching, and performance optimization.
What does the return 301 https://$host$request_uri; line do in the Nginx configuration?
It redirects all HTTP traffic to HTTPS, ensuring secure connections to your site.
Can I use this guide for other Linux distributions?
Yes, but package management and configuration paths may differ. Adjust commands accordingly for distributions like Ubuntu or CentOS.