User Tools

Site Tools


nginx_ssl
Files:
Directive Path to Enter
ssl_certificate Certificate file + Intermidiate bundle path
ssl_certificate_key Key file path

ssl_certificate = .crt + .ca
ssl_certificate = 'cat Intermediate.txt » your_domain_com.bundle'



To configure and redirect nginx properly and cleanly you need 3 nginx server blocks.
The blocks below show a site that is redirected to https://non-www.domain
A quick overview of these nginx blocks can be found below:

server 80  -> Used to redirect
Domains          : ALL domains
DocRoot specified: NO (: YES if site is combo of http and https)
Redirect         : https://domain # note non-www (: NO if site is combo of http and https)

server 443 -> Used to redirect
Domains          : www.domain
DocRoot specified: NO
Redirect         : https://domain # note non-www

server 443 -> Delivers content
Domains          : ONLY non-www
DocRoot specified: YES
Redirect         : NO





If the customers application is taking care of the redirects then we can use the following example.
The example below shows configuration with 2 nginx files

server {
    listen 80;
    server_name www.example.co.uk example.co.uk;
    return 301 https://example.co.uk$request_uri; #note: this line actually forces https, you may not wish to have this, in which case you will just remove the line or comment it out
}
server{
    listen 443;
    server_name example.co.uk www.example.co.uk;
    root /var/www/vhosts/example.co.uk;
    index index.html index.htm index.php;

    access_log /var/log/nginx/example.co.uk.access.log;
    error_log /var/log/nginx/example.co.uk.error.log;

    location / {
        index index.html index.htm index.php;
        try_files $uri $uri/ =404;
    }

    ssl on;
    ssl_certificate /etc/httpd/conf/ssl/ssl.crt/example.co.uk.crt;
    ssl_certificate_key /etc/httpd/conf/ssl/ssl.key/example.co.uk.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #used to prevent poodle attacks for outdated protocols


location ~ \.php$ {
    include /etc/nginx/fastcgi_params;
    fastcgi_pass  127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /var/www/vhosts/example.co.uk$fastcgi_script_name;
    }
}


nginx_ssl.txt · Last modified: 2024/05/23 07:26 by 127.0.0.1

Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki