How To Configure Nginx With SSL

In this tutorial, we will show you how to configure Nginx with SSL on your Linux server. For those of you who didn’t know, Transport Layer Security (TLS) and Secure Socket Layer (SSL) provide an easy method to encrypt connections between end-users and web servers. SSL uses a certificate authority system to provide identity verification in order to prevent websites from falsely claiming to be another organization or website. This tutorial shows you how to set up strong SSL security on the Nginx webserver.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add ‘sudo‘ to the commands to get root privileges. I will show you, step by step, how to configure Nginx with SSL on your Linux server.

Prerequisites

  • A server running one of the following operating systems: RHEL-based such as CentOS, AlmaLinux, or Rocky Linux.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
  • I use Namecheap as a registrar, and they resell SSL certificates from a number of other companies, including Comodo.

Configure Nginx With SSL

Step 1. Installing Nginx.

Nginx is available in the official Rocky Linux or RHEL-based repository and can be easily installed using the dnf package manager. To install Nginx, run the following command:

sudo dnf install nginx

Once the installation is complete, start the Nginx service and enable it to start automatically on boot by running the following commands:

sudo systemctl start nginx
sudo systemctl enable nginx

Step 2. Create a directory.

Now we create a directory to store your SSL certificates by running the following command:

mkdir -p /etc/nginx/ssl/idroot.us

Step 3. Generating Your SSL Key and CSR

Prior to purchasing a certificate, you need to generate a private key and a CSR (Certificate Signing Request) file. You’ll be asked for the content of the CSR file when ordering the certificate. For Common Name, enter your intended domain name without ‘www’, e.g. idroot.us. If it’s a wildcard certificate, use *.idroot.us.

openssl req -nodes -newkey rsa:2048 -keyout idroot.us.key -out idroot.us.csr

Step 4. Create a certificate bundle

After purchasing the certificate, you’ll eventually get an email with your SSL certificate. It contains a zip file with the following:

  • AddTrustExternalCARoot.crt
  • COMODORSAAddTrustCA.crt
  • COMODORSADomainValidationSecureServerCA.crt
  • idroot_us.crt

Concatenate them into a single bundle. Your server certificate must come first, followed by the intermediate certificates in chain order and then the root:

cat idroot_us.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt

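Once you have created the certificate bundle, move it to your Nginx SSL directory. The private key generated in Step 3 must also be in this directory, because the ssl_certificate_key path in Step 5 points there.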

mv ssl-bundle.crt /etc/nginx/ssl/idroot.us/
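
A pre-deployment check for the key and bundle from Steps 3 and 4, as an added example that is not part of the original tutorial: it confirms that the private key belongs to the first certificate in the bundle and that every certificate is followed by its issuer. The chain is a constructed throwaway one (Demo Root, Demo Intermediate, example.test), the function names check_bundle and issue are hypothetical, and ordering is checked by subject/issuer name, not by signature.

```shell
#!/bin/sh
# Added example: sanity-check a key/bundle pair before handing it to Nginx.

# check_bundle KEY BUNDLE
#   0 = key matches the first certificate and the chain is in order
#   1 = key does not belong to the first certificate in the bundle
#   2 = certificates are out of order (or the bundle is unreadable)
check_bundle() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ] || return 1
    # List subject/issuer of every certificate in file order; each issuer
    # must equal the subject of the certificate that follows it.
    openssl crl2pkcs7 -nocrl -certfile "$2" 2>/dev/null |
        openssl pkcs7 -print_certs -noout 2>/dev/null |
        awk '/^subject=/ { if (n++ && substr($0, 9) != issuer) bad = 1 }
             /^issuer=/  { issuer = substr($0, 8) }
             END         { exit ((bad || !n) ? 2 : 0) }'
}

# issue NAME CN SIGNER: constructed throwaway certificate signed by SIGNER.
issue() {
    openssl req -nodes -newkey rsa:2048 -subj "/CN=$2" \
        -keyout "$d/$1.key" -out "$d/$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/$1.csr" -CA "$d/$3.crt" -CAkey "$d/$3.key" \
        -CAcreateserial -days 1 -out "$d/$1.crt" 2>/dev/null
}

# Constructed demo chain (root -> inter -> leaf) in a temporary directory.
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
openssl req -x509 -nodes -newkey rsa:2048 -days 1 -subj "/CN=Demo Root" \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
issue inter "Demo Intermediate" root
issue leaf "example.test" inter
cat "$d/leaf.crt" "$d/inter.crt" "$d/root.crt" > "$d/good.crt"
cat "$d/leaf.crt" "$d/root.crt" "$d/inter.crt" > "$d/misordered.crt"

# Correct pair, misordered bundle, and a key that is not the leaf's key.
for args in "leaf good" "leaf misordered" "inter good"; do
    set -- $args
    rc=0; check_bundle "$d/$1.key" "$d/$2.crt" || rc=$?
    echo "key=$1 bundle=$2 -> $rc"
done
```

To check the real files, call check_bundle with the key from Step 3 and /etc/nginx/ssl/idroot.us/ssl-bundle.crt as its two arguments.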

Step 5. Configure the Certificate for Nginx

Open the Nginx virtual host configuration. Using SSL with Nginx requires a modification to the listen directive and three SSL-related directives, as shown in the following example:

nano /etc/nginx/conf.d/ssl.conf
server {
   listen 443 ssl;
   server_name www.idroot.us idroot.us;
   root /var/www/idroot.us/public_html;
   index index.php index.html index.htm;
   server_tokens off;

   # SSL certificate and private key
   # "ssl on;" is obsolete (deprecated in Nginx 1.15.0, removed in 1.25.1);
   # the "ssl" parameter on the listen directive above enables TLS.
   ssl_certificate /etc/nginx/ssl/idroot.us/ssl-bundle.crt;
   ssl_certificate_key /etc/nginx/ssl/idroot.us/idroot.us.key;

   # SSL session cache
   ssl_session_cache shared:SSL:20m;
   ssl_session_timeout 10m;

   # Protocols and ciphers: TLS 1.0/1.1 and 3DES are deprecated and left out
   ssl_prefer_server_ciphers on;
   ssl_protocols TLSv1.2 TLSv1.3;
   ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;

   # OCSP stapling
   ssl_stapling on;
   ssl_stapling_verify on;
   resolver 8.8.8.8 8.8.4.4 valid=300s;
   resolver_timeout 10s;

   # permalink
   location / {
      try_files $uri $uri/ /index.php?$args;
   }

   # php-script handler
   location ~ \.php$ {
      fastcgi_index index.php;
      fastcgi_pass 127.0.0.1:9000;
      root    /var/www/idroot.us/public_html;
      fastcgi_param SCRIPT_FILENAME /var/www/idroot.us/public_html$fastcgi_script_name;
      include /etc/nginx/fastcgi_params;
   }

   # block access to .ht* files
   location ~ /\.ht {
      deny all;
   }
}

Save and close the file, then test the configuration and restart the Nginx service using the following commands:

nginx -t
sudo systemctl restart nginx
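
An offline audit of the TLS directives used in this step, as an added example that is not part of the original tutorial: it flags the obsolete ssl on directive, protocol versions older than TLS 1.2, and weak cipher selectors such as 3DES. Both sample configurations are constructed, and the function name audit_tls_conf is hypothetical.

```shell
#!/bin/sh
# Added example: flag obsolete TLS settings in an Nginx configuration file.

# audit_tls_conf FILE: prints one finding per line; exit status 1 if any.
audit_tls_conf() {
    awk '
    function report(msg) { print FILENAME ":" NR ": " msg; bad = 1 }
    { sub(/#.*/, ""); gsub(/;/, " ") }   # strip comments and terminators
    $1 == "ssl" && $2 == "on" {
        report("obsolete \"ssl on\"; use the ssl parameter of listen")
    }
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++)
            if ($i ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
                report("legacy protocol " $i)
    }
    $1 == "ssl_ciphers" {
        n = split($2, tok, ":")
        for (i = 1; i <= n; i++)         # "!" and "-" entries exclude ciphers
            if (tok[i] !~ /^[!-]/ && tok[i] ~ /3DES|RC4|MD5|NULL|EXPORT/)
                report("weak cipher selector " tok[i])
    }
    END { exit bad + 0 }' "$1"
}

d=$(mktemp -d); trap 'rm -rf "$d"' EXIT

# Constructed sample with older settings.
cat > "$d/legacy.conf" <<'EOF'
server {
    listen 443 ssl;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDH+AESGCM:ECDH+3DES:RSA+3DES:!aNULL:!MD5;
    ssl_stapling on;
}
EOF

# Constructed sample with current settings.
cat > "$d/modern.conf" <<'EOF'
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDH+AESGCM:ECDH+CHACHA20:!aNULL:!MD5;
}
EOF

audit_tls_conf "$d/legacy.conf"
audit_tls_conf "$d/modern.conf" && echo "modern.conf: no findings"
```

Run it against /etc/nginx/conf.d/ssl.conf before nginx -t; the check is textual and does not follow include directives.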

Step 6. Redirect HTTP to HTTPS on Nginx.

Here is the server configuration if you want to redirect all URLs to HTTPS.

server {
    listen 80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}

In the above code, we specify the following:

  • listen 80: Listen to all HTTP traffic on port 80
  • server_name _;: Match any hostname
  • return 301: Indicates that this is a permanent redirect
  • https://$host$request_uri: Redirect to the HTTPS version of the requested URL

Congratulations! You have successfully installed Nginx with SSL. Thanks for using this tutorial for installing and configuring Nginx with SSL on a Linux system. For additional help or useful information, we recommend you check the official Nginx website.

r00t

r00t is a seasoned Linux system administrator with a wealth of experience in the field. Known for his contributions to idroot.us, r00t has authored numerous tutorials and guides, helping users navigate the complexities of Linux systems. His expertise spans across various Linux distributions, including Ubuntu, CentOS, and Debian. r00t's work is characterized by his ability to simplify complex concepts, making Linux more accessible to users of all skill levels. His dedication to the Linux community and his commitment to sharing knowledge makes him a respected figure in the field.