
SSL certificate installation in Nginx - Commands & Configuration

Introduction
Websites need to protect data sent between users and servers. Installing an SSL certificate makes the website secure by encrypting this data. This stops others from reading or changing the information.
Install an SSL certificate in any of these situations:
When you want your website to show a secure padlock icon in browsers.
When you need to protect login pages or payment forms from hackers.
When you want to improve your website's trust and search engine ranking.
When you want to comply with security rules that require encrypted connections.
When you want to prevent warnings in browsers about unsafe websites.
Config File - nginx.conf
server {
    listen 443 ssl;
    server_name example.com www.example.com;

    ssl_certificate /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        root /var/www/html;
        index index.html index.htm;
    }
}

server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}

This configuration sets up Nginx to use SSL on port 443 with your certificate and key files.

The ssl_certificate and ssl_certificate_key lines tell Nginx where to find your SSL files.

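The ssl_protocols line limits connections to TLS 1.2 and TLS 1.3, and the ssl_ciphers line allows only high-strength cipher suites while excluding anonymous (aNULL) and MD5-based ones.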

The second server block listens on port 80 and redirects all traffic to HTTPS for security.

Commands
This command tests the Nginx configuration file for errors before applying changes.
Terminal
sudo nginx -t
Expected Output
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
This command reloads Nginx to apply the new SSL configuration without stopping the server.
Terminal
sudo systemctl reload nginx
Expected Output
No output (command runs silently)
This command checks the HTTP headers of your website over HTTPS to confirm SSL is working.
Terminal
curl -I https://example.com
Expected Output
HTTP/2 200
server: nginx
content-type: text/html
...
-I - Fetch only HTTP headers to quickly check server response
Key Concept

If you remember nothing else from this pattern, remember: SSL certificates encrypt data between users and your server, and Nginx needs the certificate and key files configured to enable HTTPS.

Common Mistakes
Forgetting to test the Nginx configuration before reloading.
This can cause Nginx to fail to start if there are syntax errors, making your website unavailable.
Always run 'sudo nginx -t' to check for errors before reloading.

Using incorrect file paths for the SSL certificate or key in the config.
Nginx will not find the files and fail to start SSL, causing connection errors.
Double-check the paths to your .crt and .key files and ensure they are readable by Nginx.

Not redirecting HTTP traffic to HTTPS.
Users can still access the site insecurely, defeating the purpose of SSL.
Add a server block on port 80 that redirects all requests to HTTPS.
Summary
Configure Nginx with SSL certificate and key file paths in the server block listening on port 443.
Test the Nginx configuration with 'sudo nginx -t' to catch errors before applying.
Reload Nginx to apply changes without downtime using 'sudo systemctl reload nginx'.
Verify SSL is working by checking the website headers with 'curl -I https://example.com'.