nginx_ssl
Files:
Directive | Path to Enter |
---|---|
ssl_certificate | Certificate file + Intermediate bundle path |
ssl_certificate_key | Key file path |
ssl_certificate = .crt + .ca (the server certificate first, followed by the intermediate certificates)
ssl_certificate = 'cat Intermediate.txt >> your_domain_com.bundle'
To configure and redirect nginx properly and cleanly you need 3 nginx server blocks.
The blocks below show a site that is redirected to https://non-www.domain
A quick overview of these nginx blocks can be found below:
```
server 80 -> Used to redirect
    Domains           : ALL domains
    DocRoot specified : NO                              (: YES if site is combo of http and https)
    Redirect          : https://domain # note non-www   (: NO if site is combo of http and https)

server 443 -> Used to redirect
    Domains           : www.domain
    DocRoot specified : NO
    Redirect          : https://domain # note non-www

server 443 -> Delivers content
    Domains           : ONLY non-www
    DocRoot specified : YES
    Redirect          : NO
```
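The three blocks from the overview written out in full, as an added example that is not part of the original page. The domain, document root and certificate paths are assumptions that reuse the values from the page's other example, and the protocol list and PHP `try_files` guard are additions of this example.

```nginx
# Added example, constructed from the overview above (not the page's own config).
# Assumed: example.co.uk, docroot and certificate paths as used elsewhere on this page.

# Block 1: port 80, ALL domains, no docroot, redirect to https://non-www
server {
    listen 80;
    server_name example.co.uk www.example.co.uk;
    return 301 https://example.co.uk$request_uri;
}

# Block 2: port 443, www only, no docroot, redirect to https://non-www
server {
    listen 443 ssl;
    server_name www.example.co.uk;
    # The certificate must also cover www.example.co.uk: the TLS handshake
    # completes before nginx can send the redirect.
    ssl_certificate     /etc/httpd/conf/ssl/ssl.crt/example.co.uk.crt;  # cert + intermediates
    ssl_certificate_key /etc/httpd/conf/ssl/ssl.key/example.co.uk.key;
    ssl_protocols       TLSv1.2 TLSv1.3;
    return 301 https://example.co.uk$request_uri;
}

# Block 3: port 443, non-www only, docroot set, delivers content
server {
    listen 443 ssl;
    server_name example.co.uk;
    root  /var/www/vhosts/example.co.uk;
    index index.html index.htm index.php;

    ssl_certificate     /etc/httpd/conf/ssl/ssl.crt/example.co.uk.crt;  # cert + intermediates
    ssl_certificate_key /etc/httpd/conf/ssl/ssl.key/example.co.uk.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        try_files $uri =404;   # do not hand non-existent scripts to PHP
        include /etc/nginx/fastcgi_params;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}
```

Run `nginx -t` to validate the configuration before reloading.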
If the customer's application is taking care of the redirects, then we can use the following example.
The example below shows configuration with 2 nginx files
```nginx
server {
    listen 80;
    server_name www.example.co.uk example.co.uk;

    # Note: this line forces HTTPS. If you do not want that, remove the line
    # or comment it out.
    return 301 https://example.co.uk$request_uri;
}

server {
    # "listen ... ssl" replaces the deprecated "ssl on;" directive
    listen 443 ssl;
    server_name example.co.uk www.example.co.uk;

    root /var/www/vhosts/example.co.uk;
    index index.html index.htm index.php;

    access_log /var/log/nginx/example.co.uk.access.log;
    error_log /var/log/nginx/example.co.uk.error.log;

    location / {
        index index.html index.htm index.php;
        try_files $uri $uri/ =404;
    }

    ssl_certificate /etc/httpd/conf/ssl/ssl.crt/example.co.uk.crt;
    ssl_certificate_key /etc/httpd/conf/ssl/ssl.key/example.co.uk.key;
    # SSLv3 is left out to prevent POODLE attacks against outdated protocols;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and are left out as well.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Hand PHP requests to the FastCGI backend
    location ~ \.php$ {
        include /etc/nginx/fastcgi_params;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /var/www/vhosts/example.co.uk$fastcgi_script_name;
    }
}
```
nginx_ssl.txt · Last modified: 2024/05/23 07:26 by 127.0.0.1