SSL/TLS termination Configuration

The previous page covered what SSL/TLS termination is and what its advantages are. To configure SSL/TLS termination in Nginx, follow these steps. This assumes you already have an SSL/TLS certificate and private key. If you don't have a certificate, you can obtain one from a certificate authority or use a self-signed certificate (for testing purposes only).

1. Install Nginx with SSL Support

Ensure that your Nginx installation includes SSL support. In many Linux distributions, you can install Nginx with SSL support using a package manager like apt (Ubuntu/Debian) or yum (CentOS/RHEL).

```bash
sudo apt-get update
sudo apt-get install nginx
```

or

```bash
sudo yum install nginx
```

2. Obtain an SSL/TLS Certificate

Acquire an SSL/TLS certificate from a trusted certificate authority (CA) or use a self-signed certificate for testing purposes. You'll typically obtain a certificate and a private key.

3. Configure SSL/TLS in Nginx

Open your Nginx configuration file (usually located at /etc/nginx/nginx.conf or /etc/nginx/sites-available/default) and add or modify the following configuration:

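```nginx
server {
    listen 443 ssl;
    server_name your_domain.com;

    ssl_certificate /path/to/your_certificate.crt;
    ssl_certificate_key /path/to/your_private_key.key;

    # Other SSL/TLS settings (optional)
    ssl_protocols TLSv1.2 TLSv1.3;
    # ssl_ciphers sets the TLS 1.2 cipher list (OpenSSL names); TLS 1.3 suites
    # are configured separately and use the OpenSSL defaults here.
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers off;

    # Additional server configurations
    location / {
        proxy_pass http://backend_server;  # backend_server: your upstream name or host
        # Additional proxy configurations if needed
    }
}
```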

Replace `your_domain.com`, `/path/to/your_certificate.crt` and `/path/to/your_private_key.key` with your actual domain and the paths to your SSL certificate and private key.

4. Configure Redirect from HTTP to HTTPS (Optional)

If you want to enforce HTTPS and redirect HTTP traffic to HTTPS, you can add a separate server block for HTTP:

```nginx
server {
    listen 80;
    server_name your_domain.com;
    return 301 https://$host$request_uri;
}
```

5. Test and Reload Nginx

Check the Nginx configuration for syntax errors and reload the Nginx service:

```bash
sudo nginx -t
sudo systemctl reload nginx
```

If there are no errors, your Nginx server is now configured for SSL/TLS termination.

6. Update Firewall Rules

If you have a firewall enabled, make sure to update the rules to allow traffic on port 443 (HTTPS). For example, with UFW on Ubuntu:

```bash
sudo ufw allow 443
```

SSL/TLS termination in Nginx provides a centralized point for managing SSL certificates and can offload the SSL/TLS processing from backend servers, improving performance and simplifying certificate management. Ensure that your SSL/TLS configuration follows best practices for security, and consider implementing additional security headers and configurations as needed for your specific application.
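
`nginx -t` confirms that the configuration parses, not that its TLS settings are sound. The following is an added example, not part of the original page: a small Python linter that flags a TLS listener missing its certificate or key, legacy versions in `ssl_protocols`, a port-443 listener without the `ssl` parameter, and a plain-HTTP server that does not redirect to HTTPS. The function names (`server_blocks`, `directives`, `lint`) and the sample configuration are constructed for illustration.

```python
import re
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # ssl_protocols values to flag
REQUIRED = ("ssl_certificate", "ssl_certificate_key")
# Constructed sample: the page's server blocks, weakened so each check fires.
SAMPLE = """
server {
    listen 443 ssl;
    ssl_certificate /path/to/your_certificate.crt;
    ssl_protocols TLSv1 TLSv1.2 TLSv1.3;  # TLSv1 added for the demo
    location / { proxy_pass http://backend_server; }
}
server {
    listen 80;  # no redirect to HTTPS
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block, matching nested braces."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directives(body, name):
    """Argument lists of every `name args;` directive that starts a line."""
    pat = rf"^\s*{re.escape(name)}\s+([^;]+);"
    return [m.group(1).split() for m in re.finditer(pat, body, re.M)]

def lint(conf):
    """Return (server_index, finding) pairs for the TLS-termination checks."""
    out = []
    conf = re.sub(r"#.*", "", conf)  # drop comments (assumes no '#' in quoted values)
    for n, body in enumerate(server_blocks(conf), 1):
        listens = directives(body, "listen")
        if any("ssl" in l[1:] for l in listens):
            out += [(n, f"missing {d}") for d in REQUIRED if not directives(body, d)]
            protos = {p for a in directives(body, "ssl_protocols") for p in a}
            out += [(n, f"legacy protocol enabled: {p}") for p in sorted(protos & LEGACY)]
        elif any(re.search(r"(^|:)443$", l[0]) for l in listens):
            out.append((n, "listen 443 without ssl parameter"))
        elif not any(len(r) > 1 and r[1].startswith("https://") for r in directives(body, "return")):
            out.append((n, "HTTP server has no redirect to https://"))
    return out

if __name__ == "__main__":
    for n, finding in lint(SAMPLE):
        print(f"server #{n}: {finding}")
```

It inspects only the directives written inside each `server` block, so an `ssl_protocols` value set at the `http` level is not evaluated.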