Setting up HTTPS on your Nginx web server is essential for securing data transmission between your server and visitors. It encrypts sensitive information, builds trust, and improves your website’s SEO. This guide will walk you through the steps to configure HTTPS on an Nginx server.
Prerequisites
- A domain name pointing to your server’s IP address
- Root or sudo access to your server
- Installed Nginx web server
- OpenSSL installed on your server
- A valid SSL certificate (we will use Let’s Encrypt for free certificates)
Installing Certbot for Let’s Encrypt
Certbot is a popular tool for obtaining and renewing SSL certificates from Let’s Encrypt. To install Certbot on Ubuntu, run:
sudo apt update
sudo apt install certbot python3-certbot-nginx
Obtaining an SSL Certificate
To get a free SSL certificate for your domain, execute:
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
Follow the prompts to complete the process. Certbot will automatically configure your Nginx server to use the new certificate.
Configuring Nginx Manually
If you prefer to configure Nginx manually, locate your server block configuration file, usually in /etc/nginx/sites-available/. Open it with a text editor:
sudo nano /etc/nginx/sites-available/yourdomain.com
Add or modify the server block to include SSL settings:
Example server block:
# Redirect all HTTP requests to HTTPS
server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name yourdomain.com www.yourdomain.com;

    # Certificate chain and private key issued by Let's Encrypt
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

    # Allow only TLS 1.2 and TLS 1.3
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # Cipher list for TLS 1.2 (ssl_ciphers does not select TLS 1.3 suites)
    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384";

    root /var/www/yourdomain.com/html;
    index index.html index.htm index.php;

    location / {
        try_files $uri $uri/ =404;
    }
}
Testing and Reloading Nginx
After saving your configuration, test for syntax errors:
sudo nginx -t
If the test passes, reload Nginx to apply changes:
sudo systemctl reload nginx
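nginx -t validates syntax only, so a configuration that still serves plain HTTP or enables legacy protocols passes it. The check below is an added example, not part of the original guide: audit_tls_conf and the two sample configs are hypothetical names with constructed contents, and it inspects each server block on its own, assuming one directive per line (included or inherited settings are not seen).

```shell
# Added example (not from the guide): flag server blocks that miss its HTTPS settings.
# Reads a config file argument or stdin; returns 0 when clean, 1 on any finding.
audit_tls_conf() {
  awk '
    function report(line, msg) { printf "line %d: %s\n", line, msg; bad = 1 }
    function finish() {
      if (plain && !redirect) report(start, "plaintext listener without https redirect")
      if (tls && !cert) report(start, "TLS listener without ssl_certificate")
      if (tls && !key)  report(start, "TLS listener without ssl_certificate_key")
    }
    { sub(/#.*/, "") }                          # ignore comments
    /^[ \t]*server[ \t]*[{]/ {                  # a new server block starts
      in_server = 1; depth = 0; start = NR
      plain = tls = redirect = cert = key = 0
    }
    in_server {
      gsub(/;/, ""); d = $1                     # strip terminators, take directive
      if (d == "listen") { if ($0 ~ /ssl/) tls = 1; else plain = 1 }
      if (d == "return" && index($0, "https://")) redirect = 1
      if (d == "ssl_certificate") cert = 1
      if (d == "ssl_certificate_key") key = 1
      if (d == "ssl_protocols")
        for (i = 2; i <= NF; i++)
          if ($i ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
            report(NR, "legacy protocol enabled: " $i)
      depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
      if (depth == 0) { finish(); in_server = 0 }   # block closed
    }
    END { exit bad + 0 }
  ' "$@"
}
# Constructed sample: the two server blocks from this guide, trimmed.
GUIDE_CONF='server {
    listen 80;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
}'
# Constructed sample: no redirect, legacy protocols, missing key.
WEAK_CONF='server {
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/ssl/example.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}'
```

Run it against a real file with audit_tls_conf /etc/nginx/sites-available/yourdomain.com; the weak sample yields four findings and the guide's blocks yield none.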
Renewing Your SSL Certificate
Let’s Encrypt certificates are valid for 90 days. Certbot sets up automatic renewal, but you can manually test renewal with:
sudo certbot renew --dry-run
Conclusion
Configuring HTTPS on your Nginx server enhances security and trust. Using Certbot with Let’s Encrypt simplifies the process, providing free SSL certificates and automatic renewals. Regularly check your certificate status to ensure your website remains secure.