DEV Community

Cover image for Setting up SSL Certificate with Nginx
Ajisafe Oluwapelumi
Ajisafe Oluwapelumi

Posted on

Setting up SSL Certificate with Nginx

One of the essential steps to ensure secure connections on any website or web application is to set up SSL (Secure Socket Layer) certificates.

SSL certificates encrypt data transmitted between a user's browser and the web server, safeguarding sensitive information from prying eyes. In this post, we will walk through the process of setting up an SSL certificate with Nginx, a powerful and widely-used web server.

Prerequisites:

Before we get started, make sure you have the following prerequisites in place:

  1. A domain name (e.g. www.example.com).
  2. A server with Nginx installed and running.

Let's Begin Meme

Obtaining an SSL Certificate:

The first step is to obtain an SSL certificate, and we will use Let's Encrypt, a free and widely recognized certificate authority, to do this. Let's Encrypt offers an automated certificate issuance process using the Certbot tool.
To get started, follow these steps:

Step 1: Install Certbot



sudo apt update
sudo apt install certbot python3-certbot-nginx


Enter fullscreen mode Exit fullscreen mode

Step 2: Obtaining the SSL Certificate



sudo certbot certonly --standalone -d <your-domain-name> --non-interactive --agree-tos --email <your-email>


Enter fullscreen mode Exit fullscreen mode

Certbot will handle the entire certificate issuance process for you. After a successful run, the SSL certificate and private key will be stored on your server.

Nginx Configuration for SSL:

Now that we have the SSL certificate, let's configure Nginx to enable SSL on our domain.
Locate your Nginx configuration file for the domain (usually found in /etc/nginx/sites-available/default), and add the following lines within the server block:



server {
    listen 443 ssl;
    listen [::]:443 ssl;

    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;

    server_name <your-domain-name>;

    ssl_certificate /etc/letsencrypt/live/<your-domain-name>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<your-domain-name>/privkey.pem;

    location / {
        try_files $uri $uri/ =404;
    }
}


Enter fullscreen mode Exit fullscreen mode
  • The listen 443 ssl; and listen [::]:443 ssl; lines enable SSL on port 443, the default HTTPS port.
  • The ssl_certificate and ssl_certificate_key directives point to the SSL certificate and private key files obtained from Certbot.
  • The location / block handles the regular web page requests.

Configuring HTTP to HTTPS Redirection:

To redirect HTTP traffic to HTTPS, add the following server block for port 80 in the same Nginx configuration file as the above:



server {
    listen 80;
    listen [::]:80;

    server_name <your-domain-name>;

    location / {
        return 301 https://$host$request_uri;
    }
}


Enter fullscreen mode Exit fullscreen mode
  • The location / block performs an HTTP 301 (permanent) redirect to the HTTPS version of the same URL (https://$host$request_uri), effectively enforcing secure connections over HTTPS for the entire website.

Testing and Reloading Nginx:

Before applying the changes, test your Nginx configuration for syntax errors:



sudo nginx -t


Enter fullscreen mode Exit fullscreen mode

If the test is successful, reload Nginx to apply the new configuration:



sudo systemctl reload nginx


Enter fullscreen mode Exit fullscreen mode

Remember to replace with your actual domain name in the configuration. Additionally, you should customize the location blocks and server settings according to your specific requirements.

Top comments (0)