
Enabling HTTPS

This is a quick guide on how to set up HTTPS in NGINX. With free certificates from Let's Encrypt, it's super easy to set up. This guide uses Debian 11 and requires a user with sudo privileges. If you're using a firewall, ports 80 and 443 will need to be opened, otherwise you will not be able to set up HTTPS. We will be using Certbot in this guide.


Installing Certbot


First update the repos and upgrade any packages before installing Certbot:

sudo apt update
sudo apt upgrade

Then install the Certbot packages:

sudo apt install python3-certbot python3-certbot-nginx

Acquiring The Certificate


Before requesting a certificate, ensure your DNS records point to the IP address of your server. If you recently added or changed DNS records, it may take up to 24 hours for changes to take effect. Also make sure the server_name directive in your server block is set to the right domain.

To get a certificate for your website, issue the following command:

sudo certbot --nginx -d site.vlenture.org

If you wish to add more websites to the certificate, append another -d yoursite.com.

From there, the Certbot client will verify that you own the website and then issue your certificate. By default Certbot adjusts your configuration to automatically redirect all HTTP traffic to HTTPS. The two server blocks below show what your configuration might look like before and after.

HTTP Server Block

This configuration hosts a basic "Welcome to nginx!" page:

server {
    listen 80;
    listen [::]:80;
    server_name site.vlenture.org;

    root /var/www/html;
    index index.nginx-debian.html;

    location / {
        try_files $uri $uri/ =404;
    }
}

HTTPS Server Block

This is what the same server block looks like after running Certbot:

server {

    server_name site.vlenture.org;

    root /var/www/html;
    index index.html index.nginx-debian.html;

    location / {
        try_files $uri $uri/ =404;
    }

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/site.vlenture.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/site.vlenture.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = site.vlenture.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    listen [::]:80;

    server_name site.vlenture.org;
    return 404; # managed by Certbot


}

If you now head over to your website, you should be redirected to HTTPS. You can verify this by checking for https:// in the URL bar and that the padlock icon has nothing obstructing it.
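
The redirect can also be confirmed from the configuration itself. The shell function below is an added example, not part of the original guide or of Certbot: it classifies each server block in an nginx config as plain-http, redirect or https-only. The function name audit_nginx_http, the status labels and the before.example host are assumptions made for illustration, and the sample config is constructed.

```shell
# Prints "<server_name> <status>" for each top-level server block on stdin:
#   plain-http  listens on port 80 and serves content without a redirect
#   redirect    listens on port 80 but 301-redirects to https://
#   https-only  listens on 443 ssl with a certificate configured
audit_nginx_http() {
    awk '
    function report() {
        status = "unknown"
        if (l80 && redirect)    status = "redirect"
        else if (l80)           status = "plain-http"
        else if (l443 && cert)  status = "https-only"
        print name, status
    }
    {
        sub(/#.*/, "")   # drop comments such as "# managed by Certbot"
        if (depth == 0 && $0 ~ /^[ \t]*server[ \t]*[{]/) {
            in_server = 1; name = "-"; l80 = l443 = redirect = cert = 0
        }
        if (in_server) {
            if ($1 == "server_name") { name = $2; sub(/;$/, "", name) }
            if ($1 == "listen" && $0 ~ /[^0-9]80[ ;]/) l80 = 1
            if ($1 == "listen" && $0 ~ /[^0-9]443[ ;]/ && $0 ~ /ssl/) l443 = 1
            if ($1 == "ssl_certificate") cert = 1
            if ($0 ~ /return[ \t]+30[1278][ \t]+https:\/\//) redirect = 1
        }
        line = $0   # count braces on a copy to track nesting depth
        depth += gsub(/[{]/, "", line) - gsub(/[}]/, "", line)
        if (in_server && depth == 0) { report(); in_server = 0 }
    }'
}
# Constructed sample: a plain HTTP block, then condensed Certbot-style blocks.
audit_nginx_http <<'EOF'
server {
    listen 80;
    server_name before.example;
}
server {
    server_name site.vlenture.org;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/site.vlenture.org/fullchain.pem;
}
server {
    if ($host = site.vlenture.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name site.vlenture.org;
}
EOF
```

Feed it the file that holds your server blocks on stdin; it does not follow include directives. Any block reported as plain-http is still serving content unencrypted.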


If using systemd, Certbot automatically creates a timer that checks whether your certificates need renewing. You can verify this by running systemctl list-timers and checking for Certbot in the list.
If you're not using systemd, a cron job may already be configured, or you can set up crontab to run Certbot on an interval.

Conclusion


You have successfully set up HTTPS on your web service. It's a relatively easy process which you set up once and don't need to worry about again. You've done your part in securing and encrypting your website!