Enable SSL in Nginx

To enable SSL for a web site hosted on nginx web server, you need to change port on which nginx listens.

Lets say we have following nginx virtual host

server {
    listen IP-ADDR-HERE:80;
    server_name blog.hostonnet.com;
    access_log  /var/log/nginx/blog.hostonnet.com.log;
    root /home/blog.hostonnet.com/public_html;
    index index.html index.php;
    client_max_body_size 5m;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
       try_files $uri =404;
       access_log off;
       expires max;
    }

    location = /robots.txt      { access_log off; log_not_found off; }
    location = /favicon.ico    { access_log off; log_not_found off; }  

    location ~ \.php$ {
        fastcgi_keep_conn on;
        fastcgi_pass  unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_index   index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }
}

Find

listen IP-ADDR-HERE:80;

Replace with

listen IP-ADDR-HERE:443;

Now you need to add following 2 lines to virtual host entry, this can be anywhere

ssl on;
ssl_certificate /etc/letsencrypt/live/blog.hostonnet.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/blog.hostonnet.com/privkey.pem;

Here is the modified virtual host entry for SSL.

server {
    listen IP-ADDR-HERE:443;
    server_name blog.hostonnet.com;
    access_log  /var/log/nginx/blog.hostonnet.com.log;
    root /home/blog.hostonnet.com/public_html;
    index index.html index.php;
    client_max_body_size 5m;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
       try_files $uri =404;
       access_log off;
       expires max;
    }

    location = /robots.txt      { access_log off; log_not_found off; }
    location = /favicon.ico    { access_log off; log_not_found off; }  

    location ~ \.php$ {
        fastcgi_keep_conn on;
        fastcgi_pass  unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_index   index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }

    ssl on;
    ssl_certificate /etc/letsencrypt/live/blog.hostonnet.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/blog.hostonnet.com/privkey.pem;
}

Save it as

vi /etc/nginx/sites-available/blog.hostonnet.com-ssl.conf

Now activate the site with

ln -s /etc/nginx/sites-available/blog.hostonnet.com-ssl.conf /etc/nginx/sites-enabled/blog.hostonnet.com-ssl.conf

Restart nginx web server

nginx -s reload

See also Enable SSL in Apache and SSL


Posted in Windows