How To Configure Nginx With SSL


In this tutorial we will show you how to configure Nginx with SSL on your Linux server. For those of you who didn’t know, Transport Layer Security (TLS) and Secure Socket Layer (SSL) provide an easy method to encrypt connections between end-users and web servers. SSL uses a certificate authority system to provide identity verification in order to prevent websites from falsely claiming to be another organization or website. This tutorial shows you how to set up strong SSL security on the nginx webserver.

Configure Nginx With SSL


  • Assuming you’ve installed webserver nginx.
  • I use Namecheap as a registrar, and they resale SSL Certs from a number of other companies, including Comodo.

Step 1. Create a directory

mkdir -p /etc/nginx/ssl/

Step 2. Generating Your SSL Key and CSR

Prior to purchasing a cert, you need to generate a private key, and a CSR file (Certificate Signing Request). You’ll be asked for the content of the CSR file when ordering the certificate. For Common Name enter your intended domain name without ‘www’ i.e. If it’s a Wildcard SSL, use *

openssl req -nodes -newkey rsa:2048 -keyout -out

Step 3. Create a certificate bundle

After purchase the certificate, You’ll eventually get an email with your SSL Certificate. It contains a zip file with the following:

  • AddTrustExternalCARoot.crt
  • COMODORSAAddTrustCA.crt
  • COMODORSADomainValidationSecureServerCA.crt
  • idroot_net.crt
cat idroot_net.crt AddTrustExternalCARoot.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt >> ssl-bundle.crt

Once create a certificate bundle you can move it to your Nginx SSL directory.

mv ssl-bundle.crt /etc/nginx/ssl/

Step 4. Configure the Certificate for nginx

Go to nginx virtual host configuration, using SSL with nginx requires a modification to the listen directive and three ssl-related directives as shown in the following examples:

nano /etc/nginx/conf.d/ssl.conf
server {
   listen 443 ssl spdy;
   root /var/www/;
   index index.php index.html index.htm;
   server_tokens off;

   ssl on;
   ssl_certificate /etc/nginx/ssl/;
   ssl_certificate_key /etc/nginx/ssl/;

   ssl_session_cache shared:SSL:20m;
   ssl_session_timeout 10m;

   ssl_prefer_server_ciphers On;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

   ssl_stapling on;
   ssl_stapling_verify on;
   resolver valid=300s;
   resolver_timeout 10s;

   # permalink
   location / {
      try_files $uri $uri/ /index.php?$args;

   # php-script handler
   location ~ \.php$ {
      fastcgi_index index.php;
      root    /var/www/;
      fastcgi_param SCRIPT_FILENAME /var/www/$fastcgi_script_name;
      include /etc/nginx/fastcgi_params;

location  ~ /\.ht {
               deny  all;

Step 5. Redirect HTTP Virtual Hosts to HTTPS

return 301$request_uri;

Step 6. Restart/reload nginx

/etc/init.d/nginx restart

Congratulation’s! You have successfully installed Nginx with SSL. Thanks for using this tutorial for installing and configuration Nginx with SSL on Linux system. For additional help or useful information, we recommend you to check the official Nginx website.

Nginx With SSL Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “SSL with Nginx”, starting from $10 (Paypal payment). Please contact us to get a best deal!