Setup Nginx with SSL Certificates on Ubuntu 17.04 | 17.10

This post shows students and new users how to configure Nginx webserver with SSL certificate so that it can serve web pages over HTTPS or port 443/TCP. Websites that serve pages over HTTPS are ranking higher on search engine result pages than those that do not.

If you’re running a WordPress blog or website on Ubuntu 17.04 | 17.10 with Nginx webserver and you want to rank higher with search engines, like Google and Bing, then you might want to configure Nginx with SSL certificates and run WordPress over HTTPS.

Before you can configure your web server to serve pages over HTTPS, you must first generate or obtain a SSL certificate. We have shown you how to do that here. To read this post, please click here.

Step 1: Generate SSL Certificates

To configure Apache2 to serve pages over HTTPS via SSL, you must first obtain a certificate. For this post, we’re going to be generating a self-signed certificate. To learn how to generate a self-signed certificate, read the post below:

Create Self Signed Certificates for Ubuntu 17.04 / 17.10

Step 2: Configure Nginx with SSL Certificate

Now that you’ve obtained a SSL certificate, run the commands below to open Nginx default site configuration file.

sudo nano /etc/nginx/sites-available/default

When the file opens, add the highlighted lines below and save the file. The file should look like the one below.. This the bare minimal to get SSL/TLS enabled on Nginx.

More advanced configurations can be configured later, but the settings below allows Nginx to communicate over HTTPS.

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or WordPress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
        #listen 80 default_server;
        #listen [::]:80 default_server;

        # SSL configuration
        #
         listen 443 ssl default_server;
         listen [::]:443 ssl default_server;
        #
        ssl_prefer_server_ciphers  on;
        ssl_ciphers  'ECDH !aNULL !eNULL !SSLv2 !SSLv3';
        ssl_certificate  /etc/ssl/private/server.crt;
        ssl_certificate_key  /etc/ssl/private/server.key;


        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;

Save the file

For Nginx, SSL module is already enabled so no need to enable it. The default site is enabled as well, so after the settings above, Nginx should be serving HTTPS pages.

Restart Nginx webserver and test your settings.

sudo systemctl restart nginx.service

Browse to the server hostname or IP address and you should get a SSL warning that the site isn’t trusted. Ignore and continue.

Nginx ssl ubuntu

Summary:

This post shows students and new users how to configure Nginx webserver to serve pages over HTTPS. As more and more search engine providers begin to give more importance to HTTPS pages, enable SSL/TLS for your website and blogs might be the smart thing to do.

So, if you need to configure Nginx to serve HTTPS, follow the guide above.

Enjoy!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.