
Nginx SSL Configuration

Introduction

SSL/TLS encryption is essential for secure web communication. Nginx supports HTTPS natively and works seamlessly with Let's Encrypt for free certificates.

Let's Encrypt with Certbot

# Install Certbot
sudo apt install certbot python3-certbot-nginx

# Obtain certificate
sudo certbot --nginx -d example.com -d www.example.com

# Auto-renewal test
sudo certbot renew --dry-run

# Certbot auto-renews via systemd timer

Manual SSL Configuration

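server {
    # On nginx 1.25.1 and later the "http2" listen parameter is deprecated;
    # use a separate "http2 on;" directive there instead.
    listen 443 ssl http2;
    server_name example.com;

    # Certificate chain and private key as written by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Allow only TLS 1.2 and 1.3
    ssl_protocols TLSv1.2 TLSv1.3;
    # ssl_ciphers applies to TLS 1.2 and below; TLS 1.3 suites are not set here
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
    ssl_prefer_server_ciphers off;

    # HSTS: max-age is two years; "always" also sends the header on error responses
    add_header Strict-Transport-Security "max-age=63072000" always;
}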

HTTP to HTTPS Redirect

server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}
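
An added example, not part of the original page: a small Python check that audits a config for the settings shown above (TLS 1.2 or newer only, HSTS sent with `always`, HTTP redirected to HTTPS). It assumes flat `server` blocks like the ones on this page, with no nested `location` blocks; the `MIN_HSTS_AGE` threshold and the sample config are constructed for illustration.

```python
import re
from itertools import groupby

LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # anything below the page's TLSv1.2 floor
MIN_HSTS_AGE = 31536000  # assumed threshold (one year); the page itself uses 63072000

# Constructed sample input, not from the page: weak TLS server plus HTTP server with no redirect.
SAMPLE = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    add_header Strict-Transport-Security "max-age=300";
}
server {
    listen 80;
    root /var/www/html;
}
"""

def server_blocks(conf):
    """Return each flat server block as a list of directives (each a list of tokens)."""
    # Assumes no '#' inside quoted values and no nested blocks inside server { }.
    bodies = re.findall(r"\bserver\s*\{([^{}]*)\}", re.sub(r"#.*", "", conf))
    tokens = [re.findall(r'"[^"]*"|;|[^\s";]+', b) for b in bodies]
    return [[list(g) for end, g in groupby(t, lambda x: x == ";") if not end] for t in tokens]

def audit(conf):
    """Return a list of findings for the settings this page configures."""
    findings = []
    for n, directives in enumerate(server_blocks(conf), 1):
        args = lambda name: [d[1:] for d in directives if d[0] == name]
        if any("ssl" in a for a in args("listen")):
            protos = {p for a in args("ssl_protocols") for p in a}
            if protos & LEGACY:
                findings.append(f"server {n}: legacy protocols {sorted(protos & LEGACY)}")
            hsts = [a for a in args("add_header") if a and a[0].lower() == "strict-transport-security"]
            if not hsts:
                findings.append(f"server {n}: no HSTS header")
            for a in hsts:
                age = re.search(r"max-age=(\d+)", " ".join(a[1:]))
                if not age or int(age.group(1)) < MIN_HSTS_AGE:
                    findings.append(f"server {n}: HSTS max-age below {MIN_HSTS_AGE}")
                if "always" not in a[2:]:
                    findings.append(f"server {n}: HSTS lacks 'always' (not sent on error responses)")
        elif not any(a[:1] in (["301"], ["308"]) and a[-1].startswith("https://") for a in args("return")):
            findings.append(f"server {n}: plain HTTP server does not redirect to https")
    return findings
```

Calling `audit()` on the two server blocks from this page returns an empty list; on `SAMPLE` it returns four findings.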

Summary

Use Certbot for free SSL certificates. Configure strong TLS settings, enable HTTP/2, and always redirect HTTP to HTTPS for security.
