About this chapter
Every site needs HTTPS now. In this chapter you'll learn what a certificate proves, how to switch nginx to listen 443 ssl, get a free certificate with Certbot, redirect all HTTP traffic to HTTPS, and apply beginner-safe TLS settings.
Lessons from courses
- 1 Why HTTPS What HTTPS and TLS are, what an SSL certificate proves, and why every website needs HTTPS for security, SEO and to avoid browser warnings.
- 2 listen 443 ssl Enable HTTPS in nginx with listen 443 ssl, ssl_certificate and ssl_certificate_key. See what the cert and private key files are, then test and reload.
- 3 Let's Encrypt with Certbot Get a free HTTPS certificate for nginx with Let's Encrypt and Certbot. certbot --nginx, the HTTP-01 challenge, and automatic renewal with a systemd timer.
- 4 Redirect HTTP to HTTPS Force HTTPS in nginx with a port 80 server block and return 301 https://$host$request_uri. Learn why return beats rewrite and how to avoid loops.
- 5 Basic TLS hardening Beginner-safe nginx TLS hardening: ssl_protocols TLSv1.2 TLSv1.3, ssl_ciphers, ssl_prefer_server_ciphers and an HSTS Strict-Transport-Security header.