Nginx: TLS/SSL (HTTPS) Cheat Sheet


The configuration below is only an example of what a TLS/SSL setup should look like. Do not treat these settings as a perfect security solution for your applications; research the settings that best fit your Certificate Authority.

If you are looking for free SSL certificates, Let’s Encrypt is a free, automated, and open Certificate Authority. DigitalOcean also has a wonderful step-by-step guide on how to set up TLS/SSL on Ubuntu 16.04.

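server {
  # "listen ... ssl" enables TLS on this socket; the separate "ssl on;"
  # directive is obsolete (removed in nginx 1.25.1), so it is omitted.
  listen 443 ssl;
  ssl_certificate /path/to/cert.pem;
  ssl_certificate_key /path/to/privkey.pem;

  # OCSP stapling; verifying the response needs the issuer chain as trusted certificates
  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_trusted_certificate /path/to/fullchain.pem;

  # TLSv1 and TLSv1.1 are deprecated (RFC 8996); TLSv1.3 needs nginx 1.13.0+ built with OpenSSL 1.1.1+
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_session_timeout 1d;
  ssl_session_cache shared:SSL:50m;
  # HSTS: 15768000 seconds is about six months
  add_header Strict-Transport-Security max-age=15768000;
}

# Permanent redirect for HTTP to HTTPS
server {
  listen 80;
  return 301 https://$host$request_uri;
}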
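
A small linter for the directives used in the configuration above, as an added example that is not part of the original cheat sheet. The finding names, the `SAMPLE` input and the HSTS threshold are assumptions, and the parser is simplified: it does not follow `include` files or handle `#` inside quoted strings.

```python
import re

WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
MIN_HSTS_SECONDS = 15768000  # assumed threshold: the max-age used on this page
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|[;{}]|[^\s;{}"\']+')

# Constructed sample with weak settings and a missing closing brace.
SAMPLE = """server {
  listen 443 ssl;
  ssl on;
  ssl_stapling_verify on;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  add_header Strict-Transport-Security max-age=3600;
"""

def parse(conf):
    """Return ({directive: [args, ...]}, brace depth left open at end of input)."""
    seen, stmt, depth = {}, [], 0
    for tok in TOKEN.findall(re.sub(r"#[^\n]*", "", conf)):
        if tok in (";", "{", "}"):
            depth += (tok == "{") - (tok == "}")
            if stmt:  # a directive or block header just ended
                seen.setdefault(stmt[0], []).append([t.strip("\"'") for t in stmt[1:]])
            stmt = []
        else:
            stmt.append(tok)
    return seen, depth

def audit(conf):
    """Return sorted finding names for the TLS directives this page uses."""
    seen, depth = parse(conf)
    hsts = [a[1] for a in seen.get("add_header", [])
            if len(a) > 1 and a[0].lower() == "strict-transport-security"]
    ages = [int(n) for v in hsts for n in re.findall(r"max-age=(\d+)", v)]
    checks = {
        "unbalanced-braces": depth != 0,
        "deprecated-ssl-on": ["on"] in seen.get("ssl", []),
        "weak-protocol": any(WEAK_PROTOCOLS & set(a) for a in seen.get("ssl_protocols", [])),
        "stapling-verify-without-trust-chain":
            ["on"] in seen.get("ssl_stapling_verify", []) and "ssl_trusted_certificate" not in seen,
        "hsts-missing-or-short": not ages or max(ages) < MIN_HSTS_SECONDS,
        "no-http-to-https-redirect": not any(
            a[0] == "301" and a[1].startswith("https://")
            for a in seen.get("return", []) if len(a) == 2),
    }
    return sorted(name for name, hit in checks.items() if hit)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Running `nginx -t` remains the authoritative syntax check; this script only flags the settings discussed here.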

