Security matters more for websites today than it ever has. In the past, system administrators only worried about setting up HTTPS for sites that handled credit card numbers. As more websites deal with sensitive personal information such as email addresses and locations, the need for secure communication between websites and their users has grown. Google also uses HTTPS as one of its ranking criteria. So you should fix "Your connection is not secure" warnings and "HTTP redirect not working" problems as soon as possible.
What is HTTPS?
HTTPS stands for Hypertext Transfer Protocol Secure. It is plain HTTP carried over an encrypted connection provided by TLS, the successor of SSL. The two names are often used interchangeably, but SSL refers to the older, now broken protocol versions; every current deployment uses TLS. TLS encrypts and authenticates the data that travels between the user's browser and the web server, so an attacker on the network can neither read nor tamper with it, which makes it much harder for criminals to steal credentials or session cookies. The downside of HTTPS is that it adds some complexity to your setup and costs CPU time for the handshake and encryption. On modern CPUs with AES acceleration that overhead is minimal.
What Do You Need?
To set up HTTPS on NGINX, you need to decide which protocol versions and cipher suites to support, generate a private key, and obtain a certificate for that key issued by a trusted third-party certificate authority. The CA does not issue the private key: you generate it on your own server and it never leaves it. Only the certificate signing request (CSR), which contains the public key and the hostnames, is sent to the CA.
In terms of protocol versions, the choices are SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 and TLS 1.3. SSL 2.0 and SSL 3.0 are broken and must not be enabled. TLS 1.0 and TLS 1.1 have been formally deprecated (RFC 8996) and current browsers no longer negotiate them. TLS 1.2 and TLS 1.3 are the versions to offer; TLS 1.3 requires NGINX 1.13.0 or later built against OpenSSL 1.1.1 or later. A client that only supports the older protocols will not be able to connect to a server that offers TLS 1.2 and 1.3 alone. When this article was written, rough estimates put TLS 1.2 support at about 75% of browsers in use, and support has only grown since. If you need to reach the remaining old clients you can add older versions, at the cost of exposing every visitor to their known weaknesses. You can also define the cipher suites, which select the key exchange, encryption and integrity algorithms used inside TLS. The NGINX default (HIGH:!aNULL:!MD5) is acceptable for most users, but prefer suites with ECDHE key exchange so that recorded traffic cannot be decrypted later if the server key leaks (forward secrecy).
The most important thing you need to set up HTTPS is a trusted certificate. Generally, you buy it from a Certificate Authority (CA). Comodo, Symantec, GoDaddy, IdenTrust, and DigiCert are some of the well-known CAs. We are proud to partner with one of these Certificate Authorities, which lets us offer you a trusted SSL certificate at a worthwhile price. Besides the paid CAs, you can also get your certificate from a free authority like Let's Encrypt, an open CA run by the Internet Security Research Group (ISRG). If you use a free CA, make sure its root certificate is trusted by the browsers and operating systems your users run; Let's Encrypt's is.
Setting Up HTTPS on NGINX
To enable HTTPS, add the following server block to your NGINX configuration:
server {
    listen 443 ssl;
    server_name www.example.com;

    # server certificate followed by the CA's intermediate certificate(s)
    ssl_certificate /path/to/signed_cert.pem;
    # the private key you generated; keep it readable by root only
    ssl_certificate_key /path/to/cert.key;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996); add them only if you must
    # support very old clients. TLSv1.3 needs NGINX 1.13.0+ with OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;

    # EECDH suites give forward secrecy; the RSA+ entries are a fallback for
    # clients without ECDHE support and do not.
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5;
    ssl_prefer_server_ciphers on;
}
Of course, /path/to/signed_cert.pem and /path/to/cert.key (the private key) must point to the files in your own environment. The certificate file should contain your server certificate first, followed by the CA's intermediate certificate(s); if the intermediates are missing, some clients will reject the chain even though it looks fine in your browser. The key file should be owned by root with mode 0600: the NGINX master process runs as root and reads the key before the worker processes drop privileges.
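As an added example (not the configuration from the original page), here is the fuller server block a current deployment would use, keeping the basics above and adding the settings that matter in practice: TLS 1.2/1.3 only, ECDHE-only ciphers, a shared session cache, OCSP stapling and HSTS. The file paths, the resolver address, the document root and the hostname are assumptions; replace them with your own.

```nginx
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.example.com;

    # The certificate file must hold the server certificate first, then the
    # intermediate CA certificate(s); otherwise clients see an incomplete chain.
    ssl_certificate     /etc/nginx/tls/www.example.com.fullchain.pem;   # assumed path
    ssl_certificate_key /etc/nginx/tls/www.example.com.key;             # assumed path, mode 0600

    # Only TLS 1.2 and 1.3: SSL 3.0, TLS 1.0 and TLS 1.1 are broken or deprecated.
    ssl_protocols TLSv1.2 TLSv1.3;

    # ECDHE-only suites so that every session has forward secrecy. TLS 1.3
    # suites are not selected by this list and are always AEAD.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;

    # Resume sessions from a shared in-memory cache. Stateless tickets are off:
    # a ticket key that lives unrotated in memory for weeks weakens forward
    # secrecy for every session it encrypted.
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # OCSP stapling: NGINX fetches the certificate's revocation status and
    # sends it in the handshake, so browsers do not contact the CA themselves.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/tls/chain.pem;   # assumed path: intermediate + root CA certs
    resolver 127.0.0.53 valid=300s;                      # assumed: local stub resolver
    resolver_timeout 5s;

    # HSTS: browsers that have seen this header refuse plain HTTP for the site
    # for two years. Start with a short max-age (e.g. 300) until every
    # subdomain is confirmed to work over TLS, because the header cannot be
    # taken back quickly once cached.
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;

    root /var/www/www.example.com;   # assumed document root

    location / {
        try_files $uri $uri/ =404;
    }
}
```

After editing, run nginx -t to check the syntax and reload; then verify from outside with openssl s_client -connect www.example.com:443 -status (the stapled OCSP response appears near the top of the output) and check that a TLS 1.1 handshake is refused.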
NGINX redirect: HTTP to HTTPS
The next step is to redirect your HTTP traffic to HTTPS. There are two ways to do it:
Redirect All HTTP traffic
You can take all traffic arriving on HTTP (port 80) and redirect it to the HTTPS version of your site with the following configuration:
server {
    # catch-all: handles every request on port 80 whose Host matches no other server block
    listen 80 default_server;
    server_name _;
    # $host is the name from the request line or Host header; $request_uri keeps path and query string
    return 301 https://$host$request_uri;
}
The server_name of "_" never matches a real hostname, so together with default_server this block handles every port 80 request that no other server block claims, and the 301 sends the client to the HTTPS version of the same host and URI. Two caveats: $host is taken from the client's request, so a request with an arbitrary Host header receives a Location pointing at that name, which security scanners flag as host header reflection; and a request that carries no Host header at all (HTTP/1.0) makes $host fall back to the server name, producing a redirect to https://_/. If you know every hostname you serve, redirect to a fixed canonical name instead of $host.
Redirect only Specific Sites
It’s also possible to redirect for specific sites:
server {
    listen 80;
    # only requests whose Host is exactly example.com land here
    server_name example.com;
    # the target hostname is fixed rather than taken from the request
    return 301 https://example.com$request_uri;
}
In this case, NGINX only performs the 301 redirect on port 80 when the requested hostname is example.com, and the redirect target is hardcoded rather than taken from the request. Any other name (including www.example.com, unless you list it in server_name as well) falls through to whichever block is the default for port 80.
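Putting the two approaches together, here is an added example (not the original page's configuration) of a port 80 setup that redirects the hostnames you know to a fixed canonical name, refuses everything else instead of echoing an unknown Host back in a Location header, and keeps the Let's Encrypt http-01 challenge path reachable over plain HTTP, because a blanket redirect otherwise breaks certificate renewal. The hostnames and the challenge webroot path are assumptions.

```nginx
# Default server for port 80: answers ACME challenges and drops everything
# whose Host header matches no server block below.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    # Let's Encrypt http-01 validation fetches this path over plain HTTP.
    # It must stay reachable, or renewals fail once the redirect is in place.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;   # assumed webroot given to the ACME client
        default_type "text/plain";
    }

    # Unknown or attacker-supplied Host: close the connection (NGINX's
    # non-standard 444) rather than building a redirect from that name.
    location / {
        return 444;
    }
}

# Known hostnames: send to HTTPS on the canonical name.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;

    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;   # assumed, same webroot as above
        default_type "text/plain";
    }

    location / {
        # Fixed target instead of $host: the Location header no longer
        # depends on what the client put in its Host header, and the bare
        # domain is folded into www.example.com in the same hop.
        return 301 https://www.example.com$request_uri;
    }
}
```

Check the behaviour with curl -sI -H "Host: example.com" http://<server-ip>/some/path?x=1 (expect a 301 to https://www.example.com/some/path?x=1) and with curl -sI -H "Host: evil.invalid" http://<server-ip>/ (expect an empty reply, not a redirect).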
Are you having trouble with NGINX not redirecting to HTTPS? Our experts can help. Contact us today or ask your question in the comments section.