Nginx, DevOps, ~30 mins

SSL protocol and cipher configuration in Nginx - Mini Project: Build & Apply

SSL Protocol and Cipher Configuration in Nginx
📖 Scenario: You are setting up a secure web server using Nginx. To protect your website and users, you need to configure SSL protocols and ciphers properly. This ensures encrypted communication and prevents weak security settings.
🎯 Goal: Configure Nginx to use only secure SSL protocols and strong cipher suites for HTTPS connections.
📋 What You'll Learn
Create an Nginx server block configuration with SSL enabled
Set the SSL protocols to only TLSv1.2 and TLSv1.3
Configure the SSL cipher suites to use strong ciphers only
Enable SSL session cache and set session timeout
Print the final SSL configuration block
💡 Why This Matters
🌍 Real World
Web servers use SSL/TLS protocols and cipher suites to secure data between users and servers. Proper configuration prevents attackers from intercepting or tampering with data.
💼 Career
DevOps engineers and system administrators must configure SSL settings in web servers like Nginx to ensure secure communication and compliance with security standards.
1. Create basic Nginx server block with SSL
Create a variable called nginx_config and assign a string that contains a basic Nginx server block with SSL enabled. Include listen 443 ssl; and placeholders for ssl_certificate and ssl_certificate_key directives.
Hint: Define a string variable named nginx_config with the server block text including SSL listen and certificate lines.

2. Add SSL protocol configuration
Add a line to the nginx_config string that sets ssl_protocols TLSv1.2 TLSv1.3; inside the server block, so that only TLS versions 1.2 and 1.3 are allowed.
Hint: Insert the line ssl_protocols TLSv1.2 TLSv1.3; inside the server block.

3. Configure strong SSL cipher suites
Add a line to the nginx_config string that sets ssl_ciphers to the value 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384' inside the server block. Also add ssl_prefer_server_ciphers on; so that the server's cipher order takes precedence over the client's.
Hint: Add the ssl_ciphers line with the specified cipher string and ssl_prefer_server_ciphers on; inside the server block.

4. Enable SSL session cache and print configuration
Add lines to the nginx_config string to enable SSL session cache with ssl_session_cache shared:SSL:10m; and set session timeout with ssl_session_timeout 10m; inside the server block. Then print the full nginx_config string.
Hint: Add the SSL session cache and timeout lines inside the server block. Then use print(nginx_config) to display the full configuration.
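
The four steps assembled into one script, followed by a small audit of the resulting block. This is an added example, not part of the original project: the certificate paths are placeholders, and build_config, directives and audit are hypothetical helper names.

```python
import re

def build_config():
    """Assemble the server block from the project's four steps."""
    steps = [
        "listen 443 ssl;",                            # step 1
        "ssl_certificate /path/to/fullchain.pem;",    # placeholder path (assumed)
        "ssl_certificate_key /path/to/privkey.pem;",  # placeholder path (assumed)
        "ssl_protocols TLSv1.2 TLSv1.3;",             # step 2
        "ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';",  # step 3
        "ssl_prefer_server_ciphers on;",
        "ssl_session_cache shared:SSL:10m;",          # step 4
        "ssl_session_timeout 10m;",
    ]
    return "server {\n" + "".join(f"    {line}\n" for line in steps) + "}\n"

def directives(config):
    """Map each simple one-line directive to its argument list."""
    pairs = re.findall(r"^\s*(\w+)\s+([^;{}]*);", config, re.M)
    return {name: args.replace("'", "").split() for name, args in pairs}

REQUIRED = ["ssl_certificate", "ssl_certificate_key", "ssl_protocols", "ssl_ciphers",
            "ssl_prefer_server_ciphers", "ssl_session_cache", "ssl_session_timeout"]
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_PARTS = {"RC4", "DES", "3DES", "CBC3", "MD5", "NULL", "EXP", "EXPORT", "aNULL", "eNULL"}

def audit(config):
    """Return findings; an empty list means the block matches the project's goal."""
    d = directives(config)
    findings = [f"missing {name}" for name in REQUIRED if name not in d]
    if "ssl" not in d.get("listen", []):
        findings.append("listen has no ssl parameter")
    for proto in d.get("ssl_protocols", []):
        if proto in LEGACY:
            findings.append(f"legacy protocol {proto}")
    # ssl_ciphers is an OpenSSL cipher list; entries starting with '!' or '-' are exclusions.
    for entry in ":".join(d.get("ssl_ciphers", [])).split(":"):
        if entry and entry[0] not in "!-" and WEAK_PARTS & set(entry.split("-")):
            findings.append(f"weak cipher {entry}")
    return findings

if __name__ == "__main__":
    nginx_config = build_config()
    print(nginx_config)
    print(audit(nginx_config) or "no findings")
```

In nginx, ssl_ciphers governs the suites for TLS 1.2 and earlier; TLS 1.3 suites are selected by OpenSSL separately, so this list does not restrict them.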