# How to configure NGINX to secure Open VSX with HTTPS #### 1. Create an OpenSSL Self-Signed Certificate If you don't have a self-signed certificate, you can create one using the following steps: Create a self-signed certificate with [Certs Maker](https://github.com/soulteary/certs-maker) using the following command: ```bash docker run --rm -it -e CERT_DNS="" -v $(pwd)/certs:/ssl soulteary/certs-maker ``` The path to the certificate files is as follows: ```bash ls $(pwd)/certs ``` Copy the certificate files to the NGINX configuration directory: ```bash sudo mkdir -p /etc/nginx/ssl sudo cp $(pwd)/certs/.crt /etc/nginx/ssl/ sudo cp $(pwd)/certs/.key /etc/nginx/ssl/ ``` #### 2. Configuring NGINX Create and edit the site configuration: ```bash sudo nano /etc/nginx/sites-available/openvsx ``` The site configuration is as follows: ```nginx # Handle HTTP requests on port 80 server { listen 80; server_name ; # Redirect all HTTP requests to HTTPS location / { return 301 https://$host$request_uri; } } # Handle HTTPS requests on port 443 server { listen 443 ssl; server_name ; ssl_certificate /etc/nginx/ssl/.crt; ssl_certificate_key /etc/nginx/ssl/.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; location / { proxy_pass http://:8080; proxy_set_header Host $host; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; } } ``` Create a symbolic link and reload NGINX: ```bash sudo ln -s /etc/nginx/sites-available/openvsx /etc/nginx/sites-enabled/ sudo nginx -t sudo systemctl reload nginx ``` Check and update the configuration: ```bash sudo grep -r '' /etc/nginx/ sudo mv /etc/nginx/sites-available/.conf /etc/nginx/sites-available/.conf.disabled sudo rm /etc/nginx/sites-enabled/.conf sudo ln -s /etc/nginx/sites-available/openvsx /etc/nginx/sites-enabled/ sudo nginx -t sudo systemctl reload nginx ```