Chapter

HTTPS and TLS

Turn on HTTPS in nginx: certificates, a free Let's Encrypt cert with Certbot, an HTTP to HTTPS redirect, and safe TLS defaults.

Nginx Basics 5 Lessons from courses

About this chapter

Every site needs HTTPS now. In this chapter you'll learn what a certificate proves, how to switch nginx to listen 443 ssl, get a free certificate with Certbot, redirect all HTTP traffic to HTTPS, and apply beginner-safe TLS settings.

Lessons from courses

  1. 1 Why HTTPS What HTTPS and TLS are, what an SSL certificate proves, and why every website needs HTTPS for security, SEO and to avoid browser warnings.
  2. 2 listen 443 ssl Enable HTTPS in nginx with listen 443 ssl, ssl_certificate and ssl_certificate_key. See what the cert and private key files are, then test and reload.
  3. 3 Let's Encrypt with Certbot Get a free HTTPS certificate for nginx with Let's Encrypt and Certbot. certbot --nginx, the HTTP-01 challenge, and automatic renewal with a systemd timer.
  4. 4 Redirect HTTP to HTTPS Force HTTPS in nginx with a port 80 server block and return 301 https://$host$request_uri. Learn why return beats rewrite and how to avoid loops.
  5. 5 Basic TLS hardening Beginner-safe nginx TLS hardening: ssl_protocols TLSv1.2 TLSv1.3, ssl_ciphers, ssl_prefer_server_ciphers and an HSTS Strict-Transport-Security header.
Nginx Basics Go to course