Setting up an SSL Certificate With Nginx and Let's Encrypt
Published on: Nov. 2, 2019, 6:48 p.m. by assemblarg.
First go to Let's Encrypt. You can follow along with the directions for your respective OS and software configuration.
If you want to manually setup a certificate. Install certbot and run:
# letsencrypt certonly -a manual --rsa-key-size 4096 --email email@example.com -d example.com -d www.example.com
You then need to add the following to the server section of your nginx configuration:
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
To redirect all http traffic in nginx to https, add the following server section:
listen 80 default_server;
listen [::]:80 default_server;
return 301 https://$server_name$request_uri;
$server_name could be replaced by $host in most cases, but $host is a variable set by the HTTP Host Header. Therefore, it could be maliciously manipulated by a user. It is better to set a variable we have control over instead. In this case $server_name
Posted in: System Administration