The previous page covered what SSL/TLS termination is and what its advantages are. To configure SSL/TLS termination in Nginx, follow the steps below. They assume you already have an SSL/TLS certificate and private key. If you don't have a certificate, you can obtain one from a certificate authority or use a self-signed certificate (for testing purposes only).
1. Install Nginx with SSL Support

Ensure that your Nginx installation includes SSL support. In many Linux distributions, you can install Nginx with SSL support using a package manager like apt (Ubuntu/Debian) or yum (CentOS/RHEL).

```bash
sudo apt-get update
sudo apt-get install nginx
```

or

```bash
sudo yum install nginx
```
2. Obtain an SSL/TLS Certificate

Acquire an SSL/TLS certificate from a trusted certificate authority (CA) or use a self-signed certificate for testing purposes. You'll typically obtain a certificate and a private key.
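3. Configure SSL/TLS in Nginx

Open your Nginx configuration file (usually located at /etc/nginx/nginx.conf or /etc/nginx/sites-available/default) and add or modify the following configuration:

```nginx
server {
    listen 443 ssl;
    server_name your_domain.com;

    ssl_certificate     /path/to/your_certificate.crt;
    ssl_certificate_key /path/to/your_private_key.key;

    # Other SSL/TLS settings (optional)
    ssl_protocols TLSv1.2 TLSv1.3;
    # ssl_ciphers sets the TLS 1.2 cipher list. With OpenSSL, the TLS 1.3
    # suites (TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384) are enabled
    # by default and are not configured through this directive.
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers off;

    # Additional server configurations
    location / {
        # backend_server must resolve to your backend (an upstream block or a hostname)
        proxy_pass http://backend_server;
        # Additional proxy configurations if needed
    }
}
```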
Replace `your_domain.com`, `/path/to/your_certificate.crt` and `/path/to/your_private_key.key` with your actual domain and the paths to your SSL certificate and private key.
4. Configure Redirect from HTTP to HTTPS (Optional)

If you want to enforce HTTPS and redirect HTTP traffic to HTTPS, you can add a separate server block for HTTP:

```nginx
server {
    listen 80;
    server_name your_domain.com;
    return 301 https://$host$request_uri;
}
```
5. Test and Reload Nginx

Check the Nginx configuration for syntax errors and reload the Nginx service:

```bash
sudo nginx -t
sudo systemctl reload nginx
```
If there are no errors, your Nginx server is now configured for SSL/TLS termination.
6. Update Firewall Rules

If you have a firewall enabled, make sure to update the rules to allow traffic on port 443 (HTTPS). The following command is for UFW on Ubuntu:

```bash
sudo ufw allow 443
```
SSL/TLS termination in Nginx provides a centralized point for managing SSL certificates and can offload the SSL/TLS processing from backend servers, improving performance and simplifying certificate management. Ensure that your SSL/TLS configuration follows best practices for security, and consider implementing additional security headers and configurations as needed for your specific application.
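
As an added example (not part of the original page), here is the step 3 server block extended with the proxy headers a backend behind a TLS terminator usually needs, plus an HSTS header and session reuse settings. The upstream address `127.0.0.1:8080`, the session settings and the header values are assumptions to adjust for your deployment.

```nginx
# Added example; place inside the http { } context.
# Assumption: the backend listens on plain HTTP at 127.0.0.1:8080.
upstream backend_server {
    server 127.0.0.1:8080;
}

server {
    listen 443 ssl;
    server_name your_domain.com;

    ssl_certificate     /path/to/your_certificate.crt;
    ssl_certificate_key /path/to/your_private_key.key;
    ssl_protocols TLSv1.2 TLSv1.3;

    # Reuse TLS sessions to reduce handshake cost on the terminating proxy.
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # HSTS: browsers that have seen this header use HTTPS only for this host.
    # "always" also attaches the header to error responses.
    add_header Strict-Transport-Security "max-age=63072000" always;
    add_header X-Content-Type-Options "nosniff" always;

    location / {
        proxy_pass http://backend_server;

        # The backend only sees plain HTTP from Nginx, so pass on the
        # original host, client address and scheme. Setting these here
        # overwrites any values the client supplied for the same headers.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Traffic between Nginx and the backend is unencrypted in this setup, so keep that hop on a trusted network or loopback, and have the backend accept the forwarded headers only from the proxy's address.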