Technology Encyclopedia Home >How to configure SSL certificate and HTTPS on Nginx?

How to configure SSL certificate and HTTPS on Nginx?

Created on 2025-03-20 14:26:26
391

To configure an SSL certificate and HTTPS on Nginx, follow these steps:

  1. Obtain an SSL Certificate: First, you need to obtain an SSL certificate. This can be done through various Certificate Authorities (CAs) or through services that offer free certificates, such as Let's Encrypt.

  2. Install the Certificate: Once you have the certificate, you need to install it on your server. This typically involves placing the certificate file (e.g., your_domain.crt) and the private key file (e.g., your_domain.key) in a specific directory on your server.

  3. Configure Nginx: Edit the Nginx configuration file, usually located at /etc/nginx/nginx.conf or /etc/nginx/sites-available/default, to include the SSL configuration.

Here is an example configuration snippet:

server {
    listen 80;
    server_name your_domain.com www.your_domain.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name your_domain.com www.your_domain.com;

    ssl_certificate /path/to/your_domain.crt;
    ssl_certificate_key /path/to/your_domain.key;

    root /var/www/html;
    index index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
}

Explanation:

  • Redirect HTTP to HTTPS: The first server block listens on port 80 (HTTP) and redirects all traffic to HTTPS.
  • SSL Configuration: The second server block listens on port 443 (HTTPS) and includes the paths to the SSL certificate and private key.
  • Root and Index: Specifies the root directory for the website and the default index files.

Example:

If your domain is example.com, your certificate files are located at /etc/ssl/certs/example.com.crt and /etc/ssl/private/example.com.key, and your website files are in /var/www/html, your configuration would look like this:

server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com www.example.com;

    ssl_certificate /etc/ssl/certs/example.com.crt;
    ssl_certificate_key /etc/ssl/private/example.com.key;

    root /var/www/html;
    index index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
}

Additional Recommendations:

For managing SSL certificates more efficiently, especially in a cloud environment, consider using services like Tencent Cloud's SSL Certificate Service. This service provides a simple way to purchase, manage, and deploy SSL certificates, integrating seamlessly with Nginx and other web servers.