In order to give your website an extra layer of security and an increase in user trust, you’ll want to enable SSL on NGINX and set up HTTPS on your website. Here’s how to do it. For this guide, we’ll be using an Ubuntu 16.04 server (which has NGINX pre-installed). Your steps may vary depending on your server’s OS and configuration, but the overall process should be similar. Let’s get started!
Download and Install a Certificate
Before you can enable SSL/TLS on your website, you need to obtain a digital certificate. You can either generate a self-signed certificate or get one from a Certificate Authority (CA). A self-signed certificate will allow you to encrypt traffic between the server and browsers, but it won’t be trusted by the browsers. If you use a CA-issued certificate, the browser will recognize it as trusted and encrypt the connection with that certificate. Once you have a certificate installed, you can set up your web server to start using the HTTPS protocol by following these steps.
Configure the Root Certification Authority (CA)
A Certification Authority (CA) is an organization that issues digital certificates. A Root CA is a CA that has been trusted by the operating system or browser vendor. To enable SSL on NGINX, you need to configure the Root CA. The first step is to generate a private key and certificate signing request (CSR). You can do this using OpenSSL. Next, submit the CSR to the Root CA. Once you receive the signed certificate from the Root CA, you can configure it in NGINX.
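The key and CSR step described above, as an added example that is not part of the original guide. The file names ssl.key, ssl.csr and ssl.crt and the common name example.test are placeholders, and a self-signing step stands in for the CA so the script runs offline; the final check confirms that a certificate belongs to the private key before both are referenced in NGINX.

```shell
#!/bin/sh
# Added example: file names and the CN are placeholders, not real values.
set -eu

# Create a 2048-bit RSA key and a CSR for common name $2 inside directory $1.
make_key_and_csr() {
    dir=$1; cn=$2
    ( umask 077  # the private key must not be readable by other users
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$dir/ssl.key" -out "$dir/ssl.csr" \
          -subj "/CN=$cn" 2>/dev/null )
}

# Stand-in for the CA (assumption): self-sign the CSR so the example runs offline.
self_sign() {
    openssl x509 -req -days 30 -in "$1/ssl.csr" \
        -signkey "$1/ssl.key" -out "$1/ssl.crt" 2>/dev/null
}

# Succeeds only when certificate $1 carries the public key of private key $2.
# A missing or unparsable file counts as a mismatch, never as a match.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Demo in a throwaway directory (constructed input).
work=$(mktemp -d)
make_key_and_csr "$work" example.test
self_sign "$work"
if cert_matches_key "$work/ssl.crt" "$work/ssl.key"; then
    echo "certificate matches key: safe to reference both in the NGINX config"
fi
rm -rf "$work"
```

Run the same cert_matches_key check on the certificate the CA returns before restarting NGINX; a mismatched pair makes NGINX refuse to start.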
Edit your Virtual Host File
Enabling SSL on your NGINX server is a critical step in securing your website. By default, NGINX does not enable SSL, so you’ll need to edit your virtual host file and insert this snippet at the top of the document, just below server_name:

    # "ssl on;" is deprecated since nginx 1.15.0 and removed in 1.25.1; on newer versions use "listen 443 ssl;" instead.
    ssl on;
    ssl_certificate /full/path/to/your/ssl.crt;
    ssl_certificate_key /full/path/to/your/ssl.key;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); list only TLSv1.2 if you have no legacy clients.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
The final change to make is to tell NGINX which directory should be used for storing its SSL files.
Restart NGINX
To restart NGINX, log into your server via SSH and navigate to the NGINX installation directory. Once you are there, run the command 'sudo service nginx restart'.
This will restart the Nginx server and enable SSL. You can then head over to the Google Chrome web browser and visit your website by entering its IP address into the URL bar. The first time you visit a site that is secured with SSL, Google Chrome will give you a warning that it cannot establish a secure connection. Just click Proceed Anyway to get onto your site!
Verify your Installation with an Extended Validation Certificate
An extended validation certificate is the highest level of SSL certificate available. It not only provides encryption and data security, but also verifies the identity of the website owner. This is important for visitors, who can be assured that they are dealing with a legitimate website. To get an extended validation certificate, you will need to provide additional information about your business to the Certificate Authority. Once your certificate is issued, you can install it on your NGINX server and enable SSL.
The most common configuration includes three server blocks: one in the ‘default’ context (used when a URL does not match any other context), one in the ‘website’ context, and one in the ‘webmail’ context. In these blocks, add include statements to redirect traffic based on protocol or port number to either http or https servers.