Introduction
SSL/TLS encryption is essential for secure web communication. Nginx supports HTTPS natively and works seamlessly with Let's Encrypt for free certificates.
Let's Encrypt with Certbot
# Install Certbot
sudo apt install certbot python3-certbot-nginx
# Obtain certificate
sudo certbot --nginx -d example.com -d www.example.com
# Auto-renewal test
sudo certbot renew --dry-run
# Certbot auto-renews via systemd timer
Manual SSL Configuration
server {
    listen 443 ssl http2;
    server_name example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
    ssl_prefer_server_ciphers off;
    # HSTS
    add_header Strict-Transport-Security "max-age=63072000" always;
}
HTTP to HTTPS Redirect
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}
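The manual SSL configuration and the HTTP redirect above can be checked mechanically before a reload. The following is an added example, not code from the original page or from the nginx or Certbot projects: a small Python auditor that reads nginx configuration text and reports weak protocol versions, a missing or incomplete HSTS header, and a port 80 server that does not redirect to HTTPS. The function names and the condensed sample configurations are constructed for illustration, and nested blocks are flattened rather than modelling nginx's inheritance rules.

```python
import re
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|#[^\n]*|[;{}]|[^\s;{}"\']+')
WEAK = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Constructed input: the page's two server blocks, condensed, then a weak variant.
PAGE_CONF = '''server { listen 443 ssl http2; ssl_protocols TLSv1.2 TLSv1.3;
  add_header Strict-Transport-Security "max-age=63072000" always; }
server { listen 80; return 301 https://$host$request_uri; }'''
WEAK_CONF = '''server { listen 443 ssl; ssl_protocols TLSv1 TLSv1.2;  # legacy
  location / { add_header Strict-Transport-Security "max-age=300; preload"; } }
server { listen 80; root /var/www/html; }'''

def server_blocks(conf):
    """Return each server{} block as a list of directives, nested blocks flattened."""
    blocks, stmt, depth, start = [], [], 0, None
    for t in (x for x in TOKEN.findall(conf) if x[0] != "#"):  # drop comments
        if t not in ("{", "}", ";"):
            stmt.append(t.strip("\"'"))      # quoted values may contain ';'
            continue
        if t == "{":
            depth += 1
            if stmt == ["server"] and start is None:
                start = depth                # remember where this server{} opened
                blocks.append([])
        elif t == "}":
            start = None if start == depth else start
            depth -= 1
        elif stmt and start is not None:     # ';' ends a directive
            blocks[-1].append(stmt)
        stmt = []
    return blocks

def args_of(block, name):
    return [s[1:] for s in block if s[0] == name]

def audit(conf):
    """Return findings for the TLS, HSTS and redirect settings shown on this page."""
    out = []
    for block in server_blocks(conf):
        listen = {a for args in args_of(block, "listen") for a in args}
        if "ssl" in listen:
            weak = WEAK & {p for args in args_of(block, "ssl_protocols") for p in args}
            if weak:
                out.append("weak protocol: " + " ".join(sorted(weak)))
            hsts = [a for a in args_of(block, "add_header") if a and a[0].lower() == "strict-transport-security"]
            if not hsts or "always" not in hsts[0]:
                out.append("HSTS missing" if not hsts else "HSTS without 'always'")
        elif "80" in listen and not any(re.match(r"30[18] https://", " ".join(a)) for a in args_of(block, "return")):
            out.append("port 80 without HTTPS redirect")
    return out
```

`audit(PAGE_CONF)` returns an empty list, while `audit(WEAK_CONF)` reports all three problems.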
Summary
Use Certbot for free SSL certificates. Configure strong TLS settings, enable HTTP/2, and always redirect HTTP to HTTPS for security.