
SSL directive configuration in Nginx - Commands & Configuration

Introduction
Websites need to protect data sent between users and servers. The SSL directives in nginx enable TLS, so that traffic is encrypted in transit and cannot be read or altered by someone on the network path.
When you want to secure your website with HTTPS instead of HTTP.
When you have an SSL certificate and need to tell nginx where to find it.
When you want to redirect all visitors to use the secure HTTPS version of your site.
When you want to enable strong encryption settings for better security.
When you want to configure nginx to serve encrypted traffic on port 443.
Config File - nginx.conf
server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate /etc/ssl/certs/example.com.crt;
    ssl_certificate_key /etc/ssl/private/example.com.key;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        root /var/www/html;
        index index.html;
    }
}

server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

This configuration sets up nginx to listen on port 443 with SSL enabled.

ssl_certificate points to the public SSL certificate file.

ssl_certificate_key points to the private key file.

ssl_protocols defines which TLS versions are allowed.

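ssl_ciphers sets the cipher suites nginx will negotiate, written in OpenSSL cipher-list syntax. HIGH:!aNULL:!MD5 allows OpenSSL's high-strength suites and excludes unauthenticated (aNULL) and MD5-based ones. This list applies to TLS 1.2 and earlier; OpenSSL selects TLS 1.3 suites separately.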

The second server block listens on port 80 and redirects all traffic to HTTPS.

Commands
This command tests the nginx configuration file for syntax errors before restarting the server.
Terminal
sudo nginx -t
Expected Output
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
This command reloads nginx to apply the new SSL configuration without stopping the server.
Terminal
sudo systemctl reload nginx
Expected Output
No output (command runs silently)
This command checks the HTTP headers returned by the server to confirm HTTPS is working.
Terminal
curl -I https://example.com
Expected Output
HTTP/2 200
server: nginx
content-type: text/html
...
-I - Fetch only HTTP headers without the body
Key Concept

If you remember nothing else from this pattern, remember: ssl_certificate and ssl_certificate_key must point to valid files and nginx must be reloaded after changes.

Common Mistakes
Using incorrect file paths for ssl_certificate or ssl_certificate_key.
Nginx will fail to start or reload because it cannot find the SSL files.
Double-check the full paths to your certificate and key files and ensure nginx has permission to read them.
Not testing nginx configuration before reloading.
Syntax errors can cause nginx to fail to reload, making your website unavailable.
Always run 'sudo nginx -t' to verify configuration before reloading.
Forgetting to redirect HTTP traffic to HTTPS.
Users can still access the insecure HTTP version, reducing security.
Add a server block listening on port 80 that redirects all requests to HTTPS.
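
The first mistake above can be caught before a reload. The script below is an added example, not part of the original tutorial: it reads the ssl_certificate and ssl_certificate_key paths from a config file, checks that each file is readable, that the key is not accessible to all users, and that the key belongs to the certificate. The function names and the script name preflight.sh are assumptions made for this example.

```sh
#!/bin/sh
# Added example: check the files named by ssl_certificate and
# ssl_certificate_key before reloading nginx.

# Print the path argument of every directive $1 in config file $2.
# Assumes one directive per line and paths without spaces or variables.
tls_paths() {
    awk -v d="$1" '$1 == d { sub(/;.*$/, "", $2); print $2 }' "$2"
}

# Succeed if "other" users have no access to file $1 (mode bits ---).
key_is_private() {
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

# Succeed if certificate $1 and private key $2 hold the same public key.
pair_matches() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Check each certificate/key pair (paired in order of appearance).
# Prints one line per problem and returns the number of problems.
preflight() {
    conf=$1; problems=0; n=0
    keys=$(tls_paths ssl_certificate_key "$conf")
    for cert in $(tls_paths ssl_certificate "$conf"); do
        n=$((n + 1)); ok=1
        key=$(printf '%s\n' "$keys" | sed -n "${n}p")
        for f in "$cert" "$key"; do
            [ -r "$f" ] && continue
            echo "missing or unreadable: $f"; problems=$((problems + 1)); ok=0
        done
        [ "$ok" = 1 ] || continue
        if ! key_is_private "$key"; then
            echo "key accessible to all users: $key"; problems=$((problems + 1))
        fi
        # The pair check needs the openssl CLI; it is skipped if absent.
        if command -v openssl >/dev/null 2>&1 && ! pair_matches "$cert" "$key"; then
            echo "key does not match certificate: $cert"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Usage: sh preflight.sh /path/to/config
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

Run it as a user that can read the key, against the file that holds the server block. If the configuration is split across included files, save the output of nginx -T to a file and check that instead.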
Summary
Configure ssl_certificate and ssl_certificate_key in nginx to enable HTTPS.
Test the nginx configuration with 'nginx -t' before reloading.
Reload nginx to apply changes and verify HTTPS works with curl.