Configuring SSL with NGINX takes only several minutes. All you need to do is to save your SSL certificate and key files on the server and modify the NGINX conf file to refer to them.
SSL certificate files
When you purchase an SSL certificate, you will have to download the files that make up your SSL certificate. In this tutorial, we will use two files, *.cer (or *.crt) and *.key to setup HTTPS with the NGINX server. For reference, I will name the two files as ssl_certificate.crt and ssl_certificate.key.
Step 1: Save SSL certificate files on the server
Download both ssl_certificate.crt and ssl_certificate.key files to the server that NGINX is installed. In this example, my NGINX is installed on /etc/nginx, and I save SSL files on to /etc/nginx/cert directory. Therefore, the absolute paths for my SSL files are /etc/nginx/certs/ssl_certificate.crt and /etc/nginx/certs/ssl_certificate.key respectively.
Step 2: Modify Nginx config file
The next step is to modify the Nginx config file to create an HTTPS server block and reference SSL certificate files within the new server block. To maintain a canonical form of the URL, all noncanonical representations of the URL will redirect to the canonical URL format. Our canonical URL will be https://www.example.com. Noncanonical URL forms such as https://example.com, http://www.example.com, and http://example.com will be redirected to https://www.example.com. All the above URLs are served by the webserver running on port 3000.
2.1 Create a new server block
The below server block adds the https support. It accepts https://www.example.com and forwards to the web server running on port 3000.
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
#Placeholder to include the ssl certificate and key
ssl_certificate_key /etc/nginx/certs/ssl_certificate.key;
location / {
proxy_pass http://127.0.0.1:3000/;
}
}2.2 Add SSL certificate to the new server block
To use SSL, the server should have the SSL certificate installed. We completed this step in step 1. Ensure the paths to *.crt and *.key match to the location you saved them on.
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.example.com;
ssl_certificate /etc/nginx/certs/ssl_certificate.crt;
ssl_certificate_key /etc/nginx/certs/ssl_certificate.key;
location / {
proxy_pass http://127.0.0.1:3000/;
}
}Step 3: Redirect all URLs to https://www
As I mentioned above, let's redirect all the noncanonical URLs to canonical format, which is https://www.example.com.
Redirects all non ssl to https://www.example.com
server {
listen 80 default_server;
listen [::]:80 default_server;
return 301 https://$host$request_uri;
}Redirects https://example.com to https://www.example.com
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
ssl_certificate /etc/nginx/certs/ssl_certificate.crt;
ssl_certificate_key /etc/nginx/certs/ssl_certificate.key;
return 301 https://www.example.com$request_uri;
}After all the changes, the complete Nginx config file will look like below.
server {
listen 80 default_server;
listen [::]:80 default_server;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
ssl_certificate /etc/nginx/certs/ssl_certificate.crt;
ssl_certificate_key /etc/nginx/certs/ssl_certificate.key;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.example.com;
ssl_certificate /etc/nginx/certs/ssl_certificate.crt;
ssl_certificate_key /etc/nginx/certs/ssl_certificate.key;
location / {
proxy_pass http://127.0.0.1:3000/;
}
}Step 4: Restart Nginx
Now we have completed all the required changes to accommodate SSL. Finally, restart your Nginx server to make changes into effect.
