Configurar https para nginx

28.07.19

HTTPS es un protocolo de transferencia de datos avanzado que admite cifrado. Instale un certificado SSL gratuito de Lets Encrypt. Sistema operativo del servidor Ubuntu

 

Obtener un certificado

sudo letsencrypt certonly -a webroot --webroot-path=/var/www/site.com/public_html -d site.com -d www.site.com

Prolongar

sudo letsencrypt renew

nginx config

server {
 
    listen 80 ;
    server_name  site.com.ru www.site.com;
    return 301 https://$server_name$request_uri;
 }
 
server {
 
  # SSL configuration
 
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name  site.com www.site.com;
 
  ssl_certificate /etc/letsencrypt/live/site.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/site.com/privkey.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/site.com/chain.pem;
 
  add_header Content-Security-Policy "img-src https: data:; upgrade-insecure-requests";
 
  # We keep access log:
  access_log  /var/log/nginx/site.com_access.log;
 
  # We share static and dynamic, static stored in cache for 10 days:
      location ~* \.(jpg|jpeg|gif|png|ico|css|bmp|swf|js|doc|docx|pdf|xls|xlsx|rar|zip|tbz|7z|exe)$ {
      root /var/www/site.com/public_html;
      expires 10d;
  }
  # htaccess and htpasswd do not give:
      location ~ /\.ht {
          deny  all;
  }
 
  # We want to see statistics when accessing the /stat folder
  location = /stat {
      stub_status on;
      access_log  off;
  }
 
  location / {
      proxy_pass         http://site.com:8888/;
      proxy_redirect     off;
      log_not_found      off;
      proxy_set_header   X-Real-IP $remote_addr;
      proxy_set_header   Host $http_host;
      proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header   HTTPS on;
  }
}

No olvides reiniciar nginx

sudo /etc/init.d/nginx restart
blog comments powered by Disqus