SSL on IP Address

You know, because of $WORK and a few other things, I have to set up public facing server which serves SSL thingy. Though we only have a single public IP with no domain attached on it, we can still use it. Furthermore, it actually only takes a few easy steps.

  1. Generate certificates.
  2. Set nginx.
  3. ???
  4. Profit.

Generate Certificates

I took the easiest path by using owntrack' script to generate those certs and its friends.

In the script above, I just modified a few lines, for example,


On $IPLIST, i just put our public IP, while on $CA_ORG, I just put some relevant information.

And then issued bash followed by moving those certs to /etc/nginx/ssl/ dir.

Set nginx

I just assumed that you already have installed nginx on your server. Okay, then I edited /etc/nginx/sites-enabled/$PUBLIC_IP to something along this line.

server {
	listen 			    8443;
	ssl 			    on;
	ssl_certificate 	/etc/nginx/ssl/$YOUR_PUBLIC_IP.crt;
	ssl_certificate_key /etc/nginx/ssl/$YOUR_PUBLIC_IP.key;
	server_name 		$YOUR_PUBLIC_IP;
	location / {

On that server block, we tell nginx to

I swear on me mum's name, mate, Nginx's configuration file is much nicer than Apache HTTPD's. That's just a personal taste, though.


(Re)Start the nginx service / daemon.


Fire up your browser and open https://$YOUR_PUBLIC_IP. You will be greeted by ssl warning. Just accept it. Sometimes, you have to trust and believe in yourself.

This material is shared under the CC-BY License.