en
  English
Phone :  +370 (5) 204-1903
Email :  sales@1gbits.com
  1. Dedicated server
  2. Blog
  3. How To Configure SSL with Nginx

How To Configure SSL with Nginx

This tutorial will go through the steps to configure SSL with Nginx. To Configure Nginx With SSL, three options are Required:

Security Tutorials Sep 24, 16 by admin 5 min Read
How To Configure SSL with Nginx

  1. Installed Nginx webserver on Linux VPS or Dedicated Server
  2. Domain Name
  3. SSL Certificate

NGINX is open-source software for web serving, reverse proxying, caching, load balancing, media streaming, and more. It started as a web server designed for maximum performance and stability. In addition to its HTTP server capabilities, NGINX can function as a proxy server for email (IMAP, POP3, and SMTP) and a reverse proxy and load balancer for HTTP, TCP, and UDP servers.

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry-standard used by millions of websites to protect online transactions with customers.

TLS, or transport layer security, and its predecessor SSL, which stands for secure sockets layer, are web protocols that wrap normal traffic in a protected, encrypted wrapper. Using this technology, servers can send traffic safely between the server and the client without the concern that the messages will be intercepted and read by an outside party.

The certificate system also assists users in verifying the identity of the sites they are connecting with. Let's get started!

Create a directory

mkdir -p /etc/nginx/ssl/1gbits.com

Generating Your SSL Key and CSR

Before purchasing a cert, you must generate a private key and a CSR file (Certificate Signing Request). You’ll be asked for the content of the CSR file when ordering the certificate. For Common Name, enter your intended domain name without ‘www’, i.e. 1gbits.com. If it’s a Wildcard SSL, use *.1gbits.com.

openssl req -nodes -newkey rsa:2048 -keyout 1gbits.com.key -out 1gbits.com.csr

Create a certificate bundle

After purchasing the certificate, You’ll eventually get an email with your SSL Certificate. It contains a zip file with the following:

  • AddTrustExternalCARoot.crt
  • COMODORSAAddTrustCA.crt
  • COMODORSADomainValidationSecureServerCA.crt
  • 1gbits_com.crt

cat 1gbits_com.crt AddTrustExternalCARoot.crt COMODORSADomainValidationSecureServerCA.crt

COMODORSAAddTrustCA.crt >> ssl-bundle.crt Once create a certificate bundle you can move it to your Nginx SSL directory.

mv ssl-bundle.crt /etc/nginx/ssl/1gbits.com/

Configure the Certificate for Nginx

Go to Nginx virtual host configuration. Using SSL with Nginx requires a modification to the listen directive and three SSL-related directives, as shown in the following examples:

nano /etc/nginx/conf.d/ssl.conf

server {
   listen 443 ssl spdy;
   server_name www.idroot.net idroot.net;
   root /var/www/idroot.net/public_html;
   index index.php index.html index.htm;
   server_tokens off;

   #SSL CONF
   ssl on;
   ssl_certificate /etc/nginx/ssl/idroot.net/ssl-bundle.crt;
   ssl_certificate_key /etc/nginx/ssl/idroot.net/idroid.us.key;


   #SSL
   ssl_session_cache shared:SSL:20m;
   ssl_session_timeout 10m;

   ssl_prefer_server_ciphers On;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;

   ssl_stapling on;
   ssl_stapling_verify on;
   resolver 8.8.8.8 8.8.4.4 valid=300s;
   resolver_timeout 10s;

   # permalink
   location / {
      try_files $uri $uri/ /index.php?$args;
   }

   # php-script handler
   location ~ \.php$ {
      fastcgi_index index.php;
      fastcgi_pass 127.0.0.1:9000;
      root    /var/www/idroot.net/public_html;
      fastcgi_param SCRIPT_FILENAME /var/www/idroot.net/public_html$fastcgi_script_name;
      include /etc/nginx/fastcgi_params;
   }

location  ~ /\.ht {
               deny  all;
           }
    }

Redirect HTTP Virtual Hosts to HTTPS

return 301 https://1gbits.com$request_uri;

Restart/reload Nginx

/etc/init.d/nginx restart

Congratulations! You have successfully installed Nginx with SSL.

Final Words

In this tutorial, we covered the steps to configure SSL with Nginx. We hope this article helped with the setup, and if you have any problems, don't hesitate to contact us through the comment section below. 

People also read: 

author img

admin

Generic placeholder image
Kathlene

2019 Apr 03, 19:04:32

What's Going down i'm new to this, I stumbled upon this I've found It positively useful and it has aided me out loads. I'm hoping to give a contribution & help other users like its helped me. Great job.

Generic placeholder image
Erick

2019 Apr 14, 17:04:31

Hello to all, how is all, I think every one is getting more from this web site, and your views are good in favor of new visitors.

Leave A Comment