Step 1: Install Nginx on Ubuntu
Update your package list and install Nginx using the following commands:

    sudo apt update
    sudo apt install nginx

Start the Nginx service and verify its status to ensure it’s running:

    sudo systemctl start nginx
    sudo systemctl status nginx

You should see an active (running) status in the output.
Step 2: Obtain an SSL Certificate
You can either purchase a certificate from a trusted Certificate Authority (CA) or use Let’s Encrypt (free). For Let’s Encrypt:
Install Certbot and the Nginx plugin:

    sudo apt install certbot python3-certbot-nginx

Run Certbot to automatically obtain and configure the certificate for your domain (replace yourdomain.com with your actual domain):

    sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

Follow the on-screen prompts. Certbot will validate your domain, download the certificate, and configure Nginx automatically.
Step 3: Configure Nginx to Use SSL
If you used Certbot, it likely updated your Nginx configuration files (/etc/nginx/sites-available/default or a custom file in /etc/nginx/sites-available/) with SSL settings. If you need to manually configure:
Open your site’s configuration file in a text editor (e.g., nano):

    sudo nano /etc/nginx/sites-available/yourdomain.com

Add or modify the following blocks to enable HTTPS:
Example configuration:

    server {
        listen 80;
        server_name yourdomain.com www.yourdomain.com;
        return 301 https://$host$request_uri; # Redirect HTTP to HTTPS
    }

    server {
        listen 443 ssl http2; # Enable HTTP/2 for better performance
        listen [::]:443 ssl http2;
        server_name yourdomain.com www.yourdomain.com;

        ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; # Path to your certificate
        ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; # Path to your private key
        ssl_protocols TLSv1.2 TLSv1.3; # Use modern, secure protocols
        ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384'; # Secure cipher suites
        ssl_prefer_server_ciphers on; # Prefer server ciphers

        root /var/www/yourdomain.com; # Your website’s root directory
        index index.html index.htm; # Default index files

        location / {
            try_files $uri $uri/ =404; # Basic routing
        }
    }

Save the file and exit the editor.
Step 4: Test and Apply Configuration
Before reloading Nginx, test your configuration for syntax errors:

    sudo nginx -t

If the test passes, you’ll see:

    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful

Reload Nginx to apply the changes:

    sudo systemctl reload nginx

Step 5: Verify SSL Functionality
Open your browser and navigate to https://yourdomain.com. You should see a lock icon in the address bar, indicating a secure connection. Click the lock to view certificate details (e.g., issuer, validity period).
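The browser check confirms that a certificate is served, and nginx -t only validates syntax; neither shows whether the file still enables legacy protocols or leaves port 80 unredirected. The script below is an added example, not part of the original guide: it audits a config file for the Step 3 settings. The function name audit_tls_conf, the finding messages and both sample configs are constructed for illustration.

```sh
# Added example, not from the original guide. Function name, finding messages
# and both sample configs are constructed; checks are file-wide, not per server block.
NL='
'
# Print one finding per line; return 0 when the file passes, 1 otherwise.
audit_tls_conf() (
    body="$(sed 's/#.*$//' "$1")"    # drop comments first
    findings=""
    # ssl_protocols must be set and list only TLSv1.2 / TLSv1.3
    protos="$(printf '%s\n' "$body" |
        sed -n 's/^[[:space:]]*ssl_protocols[[:space:]]\{1,\}\([^;]*\);.*/\1/p')"
    [ -n "$protos" ] || findings="${findings}ssl_protocols not set$NL"
    for p in $protos; do
        case "$p" in TLSv1.2|TLSv1.3) ;; *) findings="${findings}legacy protocol enabled: $p$NL" ;; esac
    done
    # certificate and private key must both be configured
    for d in ssl_certificate ssl_certificate_key; do
        printf '%s\n' "$body" | grep -Eq "^[[:space:]]*$d[[:space:]]" ||
            findings="${findings}$d not set$NL"
    done
    # a port-80 listener must redirect to https://
    if printf '%s\n' "$body" | grep -Eq 'listen[[:space:]]+(\[::\]:)?80[[:space:];]' &&
       ! printf '%s\n' "$body" | grep -Eq 'return[[:space:]]+30[18][[:space:]]+https://'; then
        findings="${findings}port 80 does not redirect to HTTPS$NL"
    fi
    printf '%s' "$findings"
    [ -z "$findings" ]
)

SAMPLES="$(mktemp -d)"    # constructed sample input
cat > "$SAMPLES/good.conf" <<'EOF'
server { listen 80; return 301 https://$host$request_uri; }
server {
    listen 443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3; # modern protocols only
}
EOF
cat > "$SAMPLES/bad.conf" <<'EOF'
server { listen 80; listen 443 ssl;
    ssl_certificate /etc/ssl/example/fullchain.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; }
EOF
audit_tls_conf "$SAMPLES/good.conf" && echo "good.conf: no findings"
audit_tls_conf "$SAMPLES/bad.conf" || echo "bad.conf: fix the findings above"
```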
Optional: Set Up Automatic Certificate Renewal
Let’s Encrypt certificates are valid for 90 days. To avoid manual renewal, set up an automatic task:
Test the renewal process (this won’t affect your live site):

    sudo certbot renew --dry-run

If the test succeeds, add a cron job to run renewal daily (Certbot will only renew certificates that are near expiration):

    sudo crontab -e

Add the following line to the end of the file:

    0 0 * * * /usr/bin/certbot renew --quiet

Save and exit. The cron job will automatically renew your certificates and reload Nginx as needed.