Step 1: preparing your private key and CSR
Step 2: obtaining an SSL certificate
Step 3: Nginx SSL configurationThe configuration is done at the server block level:
listen 443 ssl; # this tells Nginx to listen on port 443 (https) with SSL
[...] # The rest of your vhost configuration...
Save your configuration, reload Nginx and voilà! People can now securely visit your website via HTTPS.
Optional: optimization and advanced configurationNginx lets you tweak the configuration with the following directives:
- ssl_protocols: lets you specify the list of allowed SSL protocols
- ssl_ciphers: lets you specify the enabled ciphers (format must follow standards imposed by the OpenSSL library)
And many more...
You can also add a few directives at the http block level that may help with performance:
- ssl_session_cache: a caching mechanism for SSL sessions, allowing to avoid new handshake and session overhead every time a user connects. It is used on par with the next directive...
- ssl_session_timeout: defines how long an SSL session should last.
For details on how to use either directive, read the official documentation.
If you really don't want to bother with it, just use the example below:
ssl_session_cache shared:SSL:10m; # 10 megabytes are reserved for the SSL cache
ssl_session_timeout 10m; # 10 minutes