
Security is more crucial for websites today than ever. In the past, system admins only worried about setting up HTTPS for sites that dealt with credit card information. But as more websites deal with sensitive personal information like emails and locations, the need for secure communication between websites and users has increased. Also, Google uses HTTPS as one of the criteria for ranking sites. So you should remedy your “Your connection is not secure” and “HTTP redirect not working” situations as soon as possible.

What is HTTPS?

HTTPS stands for Hypertext Transfer Protocol Secure. It is HTTP with security added. HTTPS can use the SSL or TLS protocol, and the two names are often used interchangeably. These protocols encrypt the data that travels between the users' web browsers and the website. HTTPS secures communications and makes it harder for hackers and cybercriminals to steal information. The downside of HTTPS is that it adds complexity to your setup and uses more CPU power. However, the processing costs are minimal on most modern CPUs.

What Do You Need?

In order to set up HTTPS on NGINX, you will need to know the protocols and ciphers you want to support. You will also need to obtain a certificate issued by a trusted third-party certificate authority, along with its corresponding private key.

In terms of protocol, you have the following choices: SSL 2.0, SSL 3.0, TLS v1.0, TLS v1.1 and TLS v1.2. SSL 2.0 is broken, so it’s recommended that you don’t support this protocol. TLS 1.2 is the latest and the best option. However, if a user's browser version supports only the older SSL or TLS protocols, they will not be able to access the site. By current rough estimates, TLS 1.2 should be supported by 75% of the browsers in operation. If you want to increase the coverage, you can add the other protocols. You can also define the cipher suites, which specify the cryptographic algorithms used to implement SSL or TLS. For most users, the defaults on NGINX should be enough.

The most important thing you need to set up HTTPS is a trusted certificate. Generally, you have to buy it from a Certificate Authority (CA). Comodo, Symantec, GoDaddy, IdenTrust, and DigiCert are some of the well-known CAs. We are very proud to have a warm partner relationship with one of these Certificate Authorities, so we are able to provide you with a really worthwhile trusted SSL certificate. Besides the paid CAs, you can also get your certificate from free authorities like Let’s Encrypt, an open CA service provided by the Internet Security Research Group (ISRG). If you are going to use a free CA certificate, make sure the CA has a good reputation.

Setting Up HTTPS on NGINX

For setting up HTTPS, add the following in your config file:

Of course, /path/to/signed_cert.pem and /path/to/cert.key (the private key) should be replaced with the paths in your own environment.

NGINX redirect: HTTP to HTTPS

The next step is to redirect your HTTP traffic to HTTPS. You can follow two methods:

Redirect All HTTP traffic

You can take all the traffic on HTTP (port 80) and redirect it to the HTTPS version of your site. You can use the following configuration:

The 301 redirect takes any request that matches the server_name and sends it to the HTTPS version of the requested URI.

Redirect only Specific Sites

It’s also possible to redirect for specific sites:

In the above case, on port 80 it will only perform a 301 redirect when the hostname is example.com. Also, the hostname is hardcoded for the redirect.
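The three pieces described above (the HTTPS server, the redirect of all HTTP traffic, and the redirect for one specific site) in a single configuration. This is an added example, not the author's original listing; example.com and the certificate paths are the placeholders used in this article, and the `default_server` / `server_name _` catch-all is an assumption about how the "redirect all" block is selected.

```nginx
# Added example. Server blocks belong inside the http { } context.

# HTTPS site
server {
    listen 443 ssl;
    server_name example.com;

    # Certificate issued by the CA and its matching private key.
    # Keep the key file readable only by the account that starts NGINX.
    ssl_certificate     /path/to/signed_cert.pem;
    ssl_certificate_key /path/to/cert.key;

    # Protocol recommended in this article. Add older versions here only
    # if you must serve clients that cannot negotiate TLS 1.2.
    ssl_protocols TLSv1.2;

    # ssl_ciphers is not set, so the NGINX default cipher list applies.
}

# Method 1: redirect all HTTP traffic.
# Catches every request on port 80 that no other server block claims.
server {
    listen 80 default_server;
    server_name _;

    # $host is taken from the request, so the client is sent to the HTTPS
    # version of whatever hostname it asked for, with the same URI.
    return 301 https://$host$request_uri;
}

# Method 2: redirect only a specific site.
# An alternative to Method 1. If both blocks are kept, requests for
# example.com match this block and everything else falls to Method 1.
server {
    listen 80;
    server_name example.com;

    # The hostname is hardcoded, so the redirect target does not depend
    # on the Host header the client sent.
    return 301 https://example.com$request_uri;
}
```

Run `nginx -t` to check the syntax before reloading the server.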

Are you having trouble with NGINX not redirecting to HTTPS? Our experts can help. Contact us today or ask your question in the comments section.

The Author

Pavel Konobeyev
