ANS Documentation

Improve This Doc
  • Cloud
  • Domains and DNS management
  • Backup and High Availability
  • eCommerce Stacks
  • Security
  • Email
  • Monitoring and usage management
  • Networking
  • Operating systems
    • Linux
      • Basics
      • Apache
      • Control Panels
      • FTP
      • Magento
      • Miscellaneous
      • MySQL
      • NGINX
      • PHP
      • PHP-FPM
      • Setting up Websites
      • NFS
      • VPN
      • Percona
      • SSH
      • SSL
      • Git
      • Redis
      • Elasticsearch
      • MongoDB
      • Ncdu
    • VMware ESXi
    • Windows
  • Webcelerator
  • MyUKFast
  • Home >
  • Operating systems >
  • Linux >
  • NGINX >
  • Adding an SSL Certificate in NGINX

Adding an SSL Certificate in NGINX¶

A lot of guides on setting up SSL configuration with NGINX will have you create a completely separate server block for your HTTPS content.

Whilst this works fine, it duplicates future work when making configuration changes, as you now have two near-identical server blocks that need to be updated.

So unless you have a particular need for separate blocks (such as needing different NGINX configuration for your https content), I’d recommend simplifying and using the following method.

Configuration¶

Taking our example configuration from the previous NGINX installation guide, we previously had the following:

upstream php {
    server 127.0.0.1:9000;
}

server {

    listen 80;
    server_name mywebsite.com www.mywebsite.com;
    root /var/www/vhosts/mywebsite.com/httpdocs;


    index index.php index.html;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include fastcgi.conf;
        fastcgi_intercept_errors on;
        fastcgi_pass php;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }
}

To adapt this for SSL connections, we only need to tell the configuration to listen on port 443 and then point it at our SSL certificate files.

To do that, we need to add the following lines:

listen 443 ssl;
ssl_certificate     /var/path/to/certficate.crt;
ssl_certificate_key /var/path/to/key.key;

Paths to your certificate and key would need to be replaced with something that wasn’t fictitious.

Note

Your CA bundle should be included at the end of your certificate file, there’s no separate directive required with NGINX

With all that in place, your configuration should now look like this:

    upstream php {
            server 127.0.0.1:9000;
    }

    server {

            listen 80;
            listen 443 ssl;

            ssl_certificate     /var/path/to/certficate.crt;
            ssl_certificate_key /var/path/to/key.key;

            server_name mywebsite.com www.mywebsite.com;
            root /var/www/vhosts/mywebsite.com/httpdocs;


            index index.php index.html;

            location / {
                    try_files $uri $uri/ /index.php?$args;
            }

            location ~ \.php$ {
                    include fastcgi.conf;
                    fastcgi_intercept_errors on;
                    fastcgi_pass php;
            }

            location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                    expires max;
                    log_not_found off;
            }
    }

Now it’s just a matter of testing your configuration and then restarting NGINX to put it all live:

service nginx configtest

service nginx restart

Next Article > PHP

  • Useful Links
  • SMB
  • Enterprise
  • Channel
  • Public Sector
  • ANS Data Centres
  • About ANS
  • Careers
  • Blog
  • Get in touch
  •  
  • Sales 0800 458 4545
  • Support 0800 230 0032
  • Get in touch

© ANS Group Limited | Terms and Conditions | Corporate Guidance | Sitemap
ANS Group Limited, registered in England and Wales, company registration number 03176761, registered office 1 Archway, Birley Fields, Manchester M15 5QJ