
NGINX SSL Configuration Step by Step Details

NGINX SSL configuration allows you to enable HTTPS on your websites and protect them from malicious attacks. Here’s a step-by-step NGINX SSL configuration to help you secure your websites.

 

How to Configure SSL Certificates in NGINX Web Server

Here are the steps to configure SSL certificates in NGINX web server.

 

1. Get SSL Certificate

First, get the SSL/TLS certificate bundle from your certificate authority, such as Namecheap, RapidSSL, Comodo, GoDaddy, Let’s Encrypt, etc. You can also use a free SSL provider like SSLForFree.

You will get 3 files from the certificate authority via email or by logging into their website.

  1. Key (e.g. private.key) – your private key file. Don’t share this file with anyone.
  2. Certificate (e.g. certificate.crt) – the actual SSL/TLS certificate for your domain
  3. Intermediate (e.g. intermediate.crt) – the root/intermediate certificate


 

2. Link SSL Files

Create a directory to store the above-mentioned files

$ sudo mkdir /etc/nginx/ssl
$ cd /etc/nginx/ssl

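Download the three SSL files mentioned in step 1 to the above directory.

Concatenate the certificate and intermediate files, in that order, to create a bundle.crt file. The directory was created with sudo, so the redirect has to run as root as well; using > instead of >> overwrites any old bundle rather than appending to it.

$ sudo sh -c 'cat certificate.crt intermediate.crt > bundle.crt'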


 

3. Open NGINX Configuration

Open terminal and run the following command to open NGINX server configuration file.

$ sudo vi /etc/nginx/nginx.conf

If you have configured a separate virtual host for your website (e.g. www.example.com), such as /etc/nginx/sites-enabled/example.conf, then open its configuration file with the following command.

$ sudo vi /etc/nginx/sites-enabled/example.conf


 

4. Configure SSL certificate in NGINX

Create a server block that listens on port 443 (the HTTPS port).

server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_certificate /etc/nginx/ssl/bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/private.key;
    ...
}

In the above configuration, the first line makes the NGINX server listen on port 443, and its ssl parameter enables SSL on that port. Older configurations use a separate "ssl on;" line for this; that directive was deprecated in NGINX 1.15.0 and removed in 1.25.1, so use the listen parameter instead.

The next line specifies the SSL protocols to be supported by NGINX. For our example, we have enabled TLS versions 1.0, 1.1 and 1.2. You can change it as per your requirement.

The next two lines specify the file paths to the bundle.crt file created in step 2 and the private.key file downloaded in step 1. Here’s a sample server block for your reference.

server {
    # The ssl parameter enables HTTPS on this port
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_certificate /etc/nginx/ssl/bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/private.key;

    server_name www.example.com;
    access_log /path/to/nginx/access/log/file;
    error_log /path/to/nginx/error/log/file;

    location / {
        root  /var/www/html/yoursite/;
        index  index.html;
    }
}
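
The sample server block above with its protocol list tightened, as an added example that is not part of the original page: TLS 1.0 and 1.1 were deprecated by RFC 8996, so this version offers only TLS 1.2 and 1.3. The HTTP redirect, session settings and HSTS header are assumptions beyond what the page configures; the hostname and file paths reuse its placeholders.

```nginx
# Added example, not the page's own configuration.
# Hostname and paths are the page's placeholders; everything marked
# "assumption" goes beyond the original sample block.

# Assumption: send plain-HTTP visitors to HTTPS instead of serving them
# an unencrypted copy of the site.
server {
    listen 80;
    server_name www.example.com;
    return 301 https://$host$request_uri;
}

server {
    # "listen ... ssl" replaces the standalone "ssl on;" directive.
    listen 443 ssl;
    server_name www.example.com;

    # bundle.crt must hold the domain certificate first, then the
    # intermediate, which is the order used by the cat command in step 2.
    ssl_certificate     /etc/nginx/ssl/bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/private.key;

    # Weak setting:  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # Corrected:     only protocol versions that are not deprecated.
    # TLSv1.3 requires nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Assumption: shared session cache so repeat visitors can resume
    # sessions, with session tickets turned off.
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # Assumption: HSTS tells browsers to use HTTPS for this host for a
    # year. Enable it only once the whole site works over HTTPS.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        root  /var/www/html/yoursite/;
        index index.html;
    }
}
```

Run the syntax check from the next step after any change to the protocol list, since an nginx build without TLS 1.3 support will reject or ignore that parameter.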


 

5. Restart NGINX Server

Run the following command to check the syntax of your updated config file.

$ sudo nginx -t

If there are no errors, run the following command to reload or restart the NGINX server.

$ sudo service nginx reload #debian/ubuntu
$ sudo systemctl restart nginx #redhat/centos

 

6. Test NGINX SSL Configuration

Open a browser and visit the https:// version of your domain (e.g. https://www.example.com).

You will see a lock symbol next to your URL in the browser’s address bar, indicating that your website’s SSL/TLS certificate is working properly.


Hopefully, now you can configure SSL certificate in NGINX for Ubuntu as well as other Linux systems.

 

That’s it! Hopefully the above NGINX SSL Configuration will help you install SSL certificates in NGINX.
