Configure a site with SSL on an Nginx server

This post describes how to setup a server block on nginx with a Thawte SSL123 certificate.

This how to can of course also be used with other SSL vendors (comodo, digicert, …) but you’ll have to change some steps of course 🙂

First, we’ll start with the certificate request.

To create your request, use the openssl command:

And follow the SSL csr generation process:

Now, if you look inside of your CSR files, you’ll see something like

Now it’s time to go and buy your certificate at your favorite SSL reseller…

Be sure to have a mailbox to be able to send your certificate approval email to (mainly this is: admin@securedomain.com or webmaster@, hostmaster@, administrator@,…)

Once you have received your SSL Certificate from Thawte, create a new file and paste in the certificate.

So paste it inside of www.securedomain.com.crt

Thawte has upgraded their root hierarchy to 2048bit RSA Keys (more information),  so you need the Intermediate CA to support old web browsers. For the nginx web server you can download the file from Thawte here by:

One you have this file, echo the contents and paste it at the end of your crt file.

Now enable SSL in your nginx server block by:

In my example, your site will listen to both Port 80 and 443 (SSL), you can of course redirect http to https by adding this in your nginx server block config:

 

Install PHP 5.2 on Ubuntu 12.04 LTS

Remark: you should already have switched to PHP5.3 and heck, even 5.4…. but some old projects aren’t worth the dev time to update the code to PHP 5.3 or 5.4.

Having issues with your PHP 5.2 legacy websites after migrating them to new hardware and OS releases, which normally run on PHP5.3 or 5.4?

The best way to install PHP5.2 is by adding Karmic repositories to your apt sources. This way, you can simply install PHP 5.2 from package.

An easy way to add the sources is by running a small shell script that:

1) Creates a list of all your currently installed PHP packages.

2) Create the karmic.list files sources.list.d, holding the correct repo’s

3) Create a prefences file in /etc/apt/preferences.d, that pins your PHP version to the PHP5.2 version.

This script is copy pasted from Khalid:

There are of course other ways of installing PHP5.2 on Ubuntu 12.04 LTS, but this one works for me… and I have had no issues so far on my servers and sites..

Credits to: Randy Fay and Khalid

 UPDATE: 

Due to the fact that karmic is no longer in the Archive repo’s, the script needs a little change (replace archive by old-releases)

 

 

UPDATE2:

Today we had a crashed server that needed to be reinstalled. We had some problem with the PIN priority, packages installed still were 5.3.10… Bugger.

But looking a little further, you can use apt-mark hold to ‘pin’ package version to the installed packages.

So we had to install the PHP5.2 packages and ‘hold’ them to that version using:

 

 

 

 

Install Zend Optimizer for php 5.2 and earlier

Zend Optimizer has been updated and renamed to Zend Guard since PHP 5.3.

However, you might still have some older projects running PHP 5.2, where Zend Optimizer is still needed.

Here’s a small how to install for Ubuntu 12.04 LTS with PHP 5.2.

First of all, download Zend Optimizer 3.3.3 through this link: Zend

Unpack it on your server with this command:

Navigate into the data directory, and correct php version, eg:

copy the so file to the php path:

Enable zend optimizer throught /etc/php5/conf.d by typing:

Enable Zend optimizer by reloading apache

Check if Zend Optimizer is enabled by: