How To Configure Nginx With SSL

Configure Nginx With SSL

Transport Layer Security (TLS) and Secure Socket Layer (SSL) provide an easy method to encrypt connections between end-users and web servers. SSL uses a certificate authority system to provide identity verification in order to prevent websites from falsely claiming to be another organization or website. This tutorial shows you how to set up strong SSL security on the nginx webserver. In this tutorial we will learn how to install and configuration of Nginx with SSL on your Linux server.

Configure Nginx With SSL

Required:

  • Assuming you’ve installed webserver nginx.
  • I use Namecheap as a registrar, and they resale SSL Certs from a number of other companies, including Comodo.

Step 1. Create a directory

 mkdir -p /etc/nginx/ssl/wpcademy.com

Step 2. Generating Your SSL Key and CSR

Prior to purchasing a cert, you need to generate a private key, and a CSR file (Certificate Signing Request). You’ll be asked for the content of the CSR file when ordering the certificate. For Common Name enter your intended domain name without ‘www’ i.e. wpcademy.com. If it’s a Wildcard SSL, use *.wpcademy.net.

 openssl req -nodes -newkey rsa:2048 -keyout wpcademy.net.key -out wpcademy.com.csr

Step 3. Create a certificate bundle

After purchase the certificate, You’ll eventually get an email with your SSL Certificate. It contains a zip file with the following:

  • AddTrustExternalCARoot.crt
  • COMODORSAAddTrustCA.crt
  • COMODORSADomainValidationSecureServerCA.crt
  • wpcademy.com.crt
 cat wpcademy_net.crt AddTrustExternalCARoot.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt >> ssl-bundle.crt

Once create a certificate bundle you can move it to your Nginx SSL directory.

 mv ssl-bundle.crt /etc/nginx/ssl/wpcademy.com/

Step 4. Configure the Certificate for nginx

Go to nginx virtual host configuration, using SSL with nginx requires a modification to the listen directive and three ssl-related directives as shown in the following examples:

 nano /etc/nginx/conf.d/ssl.conf
server {
   listen 443 ssl spdy;
   server_name www.wpcademy.com wpcademy.com;
   root /var/www/wpcademy.com/public_html;
   index index.php index.html index.htm;
   server_tokens off;

   #SSL CONF
   ssl on;
   ssl_certificate /etc/nginx/ssl/wpcademy.com/ssl-bundle.crt;
   ssl_certificate_key /etc/nginx/ssl/wpcademy.com/wpcademy.us.key;


   #SSL
   ssl_session_cache shared:SSL:20m;
   ssl_session_timeout 10m;

   ssl_prefer_server_ciphers On;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;

   ssl_stapling on;
   ssl_stapling_verify on;
   resolver 8.8.8.8 8.8.4.4 valid=300s;
   resolver_timeout 10s;

   # permalink
   location / {
      try_files $uri $uri/ /index.php?$args;
   }

   # php-script handler
   location ~ \.php$ {
      fastcgi_index index.php;
      fastcgi_pass 127.0.0.1:9000;
      root    /var/www/wpcademy.com/public_html;
      fastcgi_param SCRIPT_FILENAME /var/www/wpcademy.com/public_html$fastcgi_script_name;
      include /etc/nginx/fastcgi_params;
   }

location  ~ /\.ht {
               deny  all;
           }
    }

Step 5. Redirect HTTP Virtual Hosts to HTTPS

 return 301  https://wpcademy.com$request_uri;

Step 6. Restart/reload nginx

 /etc/init.d/nginx restart

Congratulation’s! You have successfully installed Nginx with SSL. Thanks for using this tutorial for installing and configuration Nginx with SSL on Linux system. For additional help or useful information, we recommend you to check the official Nginx web site

How To Enable Gzip Compression on Nginx CentOS

Enable Gzip Compression on Nginx CentOS

Nginx is one of the most popular web servers in the world and is responsible for hosting some of the largest and highest-traffic sites on the internet. It is more resource-friendly than Apache in most cases and can be used as a web server or a reverse proxy. So today we’re going to learn how to setup enable Gzip compression on Nginx on CentOS 6 or 7. Compressing your scripts and images is a good idea to optimize your website’s load times.

This article assumes you have at least basic knowledge of linux, know how to use the shell, and most importantly, you host your site on your own VPS. In this post, I will talk about an easy way to enable GZIP compression on nginx servers. It’s really not that difficult. Let’s start with Nginx.

Enable Gzip Compression on Nginx

Step 1. Configure nginx.conf (/etc/nginx/nginx.conf)

gzip on;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_proxied any;
gzip_min_length  1100;
gzip_buffers 16 8k;
gzip_types text/plain text/html text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
gzip_disable "MSIE [1-6].(?!.*SV1)";
gzip_vary on;

Step 2. Now, you simply need to restart your server.

 service nginx restart

If you wish to test if GZIP is enabled, use this command:

 curl -H "Accept-Encoding: gzip" -I https://wpcademy.com

With that file now in place, restart your server and you will now be serving site assets with gzip compression. Google takes site speed into account when ranking and placing your sites in their search engine so do your users a favor and strive for the fastest site possible, especially for mobile users.

Congratulation’s! You have successfully enable Gzip on Nginx. Thanks for using this tutorial for enable gzip compression Nginx on Linux system. For additional help or useful information, we recommend you to check the official Nginx web site.