Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Super! Just set up my first secure website with Nginx.

Absolutely simple. Literally the only way it could have been easier is if letsencrypt had been installed on my Centos 6.7 box but it was only a `git clone' away.

---

1) Stop the web server.

2) ./letsencrypt-auto certonly --standalone -d _my_domain1_ -d _my_domain2_ ... At the curses prompt give it your contact email address, and accept the licence

3) Edit nginx.conf - Change all listen 80s to listen 443s. Add the following commands

   ssl_certificate /etc/letsencrypt/live/_my_domain_/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/_my_domain_/privkey.pem;

   # bump up protection

   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_prefer_server_ciphers on;
   ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
4) Start the web server

5) Doh! Go through website changing hardcoded http:// links to protocol (scheme) relative links // See here: https://www.paulirish.com/2010/the-protocol-relative-url/

6) Restart the web server

---

Ok. It's doesn't seem that simple now that I say it but it was easier than wrestling with Apache and rewrite rules :)



I had no experiance with Nginx and doing the 80-443 redirct was pretty simple.

server { listen 80; listen [::]:80 ipv6only=on; server_name www.mydomain.com; return 301 https://$server_name$request_uri; }




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: