DEV Community

Ajisafe Oluwapelumi

Setting up SSL Certificate with Nginx

One of the essential steps to ensure secure connections on any website or web application is to set up SSL (Secure Sockets Layer) certificates.

SSL certificates encrypt data transmitted between a user's browser and the web server, safeguarding sensitive information from prying eyes. In this post, we will walk through the process of setting up an SSL certificate with Nginx, a powerful and widely-used web server.

Prerequisites:

Before we get started, make sure you have the following prerequisites in place:

  1. A domain name (e.g. www.example.com).
  2. A server with Nginx installed and running.


Obtaining an SSL Certificate:

The first step is to obtain an SSL certificate, and we will use Let's Encrypt, a free and widely recognized certificate authority, to do this. Let's Encrypt offers an automated certificate issuance process using the Certbot tool.
To get started, follow these steps:

Step 1: Install Certbot

sudo apt update
sudo apt install certbot python3-certbot-nginx

Step 2: Obtaining the SSL Certificate

sudo certbot certonly --standalone -d <your-domain-name> --non-interactive --agree-tos --email <your-email>

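Certbot will handle the entire certificate issuance process for you. Note that the --standalone option makes Certbot start its own temporary web server on port 80 to answer the validation challenge, so that port must be free while the command runs; if Nginx is already listening on it, stop Nginx for the duration of the command. After a successful run, the SSL certificate and private key will be stored on your server under /etc/letsencrypt/live/<your-domain-name>/.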

Nginx Configuration for SSL:

Now that we have the SSL certificate, let's configure Nginx to enable SSL on our domain.
Locate your Nginx configuration file for the domain (usually found in /etc/nginx/sites-available/default), and add the following server block:

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;

    server_name <your-domain-name>;

    ssl_certificate /etc/letsencrypt/live/<your-domain-name>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<your-domain-name>/privkey.pem;

    location / {
        try_files $uri $uri/ =404;
    }
}
  • The listen 443 ssl; and listen [::]:443 ssl; lines enable SSL on port 443, the default HTTPS port.
  • The ssl_certificate and ssl_certificate_key directives point to the SSL certificate and private key files obtained from Certbot.
  • The location / block handles the regular web page requests.

Configuring HTTP to HTTPS Redirection:

To redirect HTTP traffic to HTTPS, add the following server block for port 80 in the same Nginx configuration file as the above:

server {
    listen 80;
    listen [::]:80;

    server_name <your-domain-name>;

    location / {
        return 301 https://$host$request_uri;
    }
}
  • The location / block performs an HTTP 301 (permanent) redirect to the HTTPS version of the same URL (https://$host$request_uri), effectively enforcing secure connections over HTTPS for the entire website.
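
As an added example (not code from the original post), this Python sketch audits an Nginx configuration for the two conditions set up above: every TLS listener names both certificate files, and every plain-HTTP listener redirects to HTTPS. The function names, finding strings and sample hostnames are assumptions made for illustration; the parser does not follow include files and treats a listen directive without the ssl flag as plain HTTP.

```python
import re

# Constructed sample: this post's two blocks plus a site left on plain HTTP.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}
server {
    listen 80;
    server_name example.com;
    location / { return 301 https://$host$request_uri; }
}
server {
    listen 80;
    server_name shop.example.com;
    root /var/www/shop;
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directive(body, name):
    """Return the argument string of every `name ...;` directive in body."""
    return re.findall(rf"(?:^|(?<=[;{{}}]))\s*{name}\s+([^;{{}}]+);", body)

def audit(conf):
    """Return sorted (server_name, finding) pairs for one configuration text."""
    findings, tls, plain = set(), set(), set()
    for body in server_blocks(conf):
        names = " ".join(directive(body, "server_name")).split() or ["_"]
        listens = directive(body, "listen")
        if any("ssl" in a.split() for a in listens):      # TLS listener
            tls.update(names)
            missing = [d for d in ("ssl_certificate", "ssl_certificate_key") if not directive(body, d)]
            findings.update((n, f"missing {d}") for n in names for d in missing)
        if any("ssl" not in a.split() for a in listens):  # plain-HTTP listener
            plain.update(names)
            if not re.search(r"\breturn\s+30[18]\s+https://", body):
                findings.update((n, "no HTTPS redirect") for n in names)
    return sorted(findings | {(n, "no TLS server block") for n in plain - tls})
```

Calling audit() on the text of /etc/nginx/sites-available/default before reloading returns an empty list when every site follows the pattern in this post.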

Testing and Reloading Nginx:

Before applying the changes, test your Nginx configuration for syntax errors:

sudo nginx -t

If the test is successful, reload Nginx to apply the new configuration:

sudo systemctl reload nginx

Remember to replace <your-domain-name> with your actual domain name in the configuration. Additionally, you should customize the location blocks and server settings according to your specific requirements.
