To configure SSL/TLS with Nginx on Ubuntu, you can follow these steps:
Step 1: Install Nginx
If you haven't installed Nginx, run the following commands to install it:
sudo apt update
sudo apt install nginx
Step 2: Install OpenSSL
If you don't have OpenSSL installed, install it using the following command:
sudo apt install openssl
Step 3: Create a directory for SSL certificate files
Create a directory to store SSL certificate files:
sudo mkdir /etc/nginx/ssl
Step 4: Generate self-signed SSL/TLS certificates (Optional)
If you are not using SSL certificates from a certificate authority, you can generate self-signed certificates with OpenSSL. This is useful for testing SSL/TLS in a development environment. To create a self-signed certificate, run the following commands:
cd /etc/nginx/ssl
sudo openssl genrsa -out server.key 2048
sudo openssl req -new -key server.key -out server.csr
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Step 5: Configure Nginx to use SSL/TLS
Open the Nginx configuration file for the website you want to secure:
sudo vi /etc/nginx/sites-available/your_domain
Add the following lines to the configuration file to enable SSL:
server {
    listen 80;
    server_name your_domain.com www.your_domain.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name your_domain.com www.your_domain.com;
    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;
    # Additional SSL/TLS options can be added here (optional)
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    # Additional configurations (if needed)
    location / {
        # Reverse proxy configuration (if needed)
    }
}
Step 6: Enable the configuration and restart Nginx
Create a symbolic link from the configuration file in sites-available to sites-enabled to enable the configuration:
sudo ln -s /etc/nginx/sites-available/your_domain /etc/nginx/sites-enabled/
Check if the Nginx configuration has any errors:
sudo nginx -t
If there are no errors, restart the Nginx service to apply the new configuration:
sudo systemctl restart nginx
Once completed, your website will be secured with SSL/TLS. Note that browsers will warn about an untrusted certificate when a self-signed certificate is used. To have a trusted SSL/TLS certificate, you need to purchase or obtain a free certificate from a certificate authority.
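Before the restart in Step 6, it helps to confirm that the certificate and key from Step 4 belong together, that the certificate is not about to expire, and that the private key is readable only by its owner. The script below is an added example, not part of the original guide; the function names, the script name and the 30-day default are assumptions.

```bash
#!/usr/bin/env bash
# Added example: checks on the Step 4 certificate and key before restarting Nginx.
# Function names are illustrative; stat -c is GNU coreutils (as on Ubuntu).

# SHA-256 of the public key inside a PEM certificate.
cert_pubkey_hash() {
    openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key derived from a PEM private key.
key_pubkey_hash() {
    openssl pkey -in "$1" -pubout -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# check_tls_pair CERT KEY [MIN_DAYS]; returns 0 only if every check passes.
check_tls_pair() {
    local cert="$1" key="$2" min_days="${3:-30}" rc=0 ch kh mode
    ch=$(cert_pubkey_hash "$cert" 2>/dev/null)
    kh=$(key_pubkey_hash "$key" 2>/dev/null)
    if [ -z "$ch" ] || [ "$ch" != "$kh" ]; then
        echo "FAIL: $key is not the private key for $cert"; rc=1
    fi
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" >/dev/null 2>&1; then
        echo "FAIL: $cert expires within $min_days days"; rc=1
    fi
    # The private key must carry no group or other permission bits.
    mode=$(stat -c '%a' "$key" 2>/dev/null)
    case "$mode" in
        *00) ;;
        *) echo "FAIL: $key has mode ${mode:-unknown}, expected 600 or 400"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed test input: a throwaway self-signed pair written to directory $1.
make_throwaway_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=your_domain.com" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null &&
        chmod 600 "$1/server.key"
}

# Usage: sudo ./check_tls_pair.sh /etc/nginx/ssl/server.crt /etc/nginx/ssl/server.key
if [ "$#" -ge 2 ]; then
    check_tls_pair "$@" && echo "OK: certificate and key pass all checks"
fi
```

A non-zero exit status means at least one check failed, so the script can gate the restart command.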