HTTPS Security: Nginx

1. Nginx?

- It is a lightweight, high-performance web server

- It handles HTTP/HTTPS requests, delivering static files like HTML, CSS, and more to clients.

- It can also act as a reverse proxy.

 

2. Nginx Configuration File Structure

- /etc/nginx/nginx.conf

- /etc/nginx/sites-available/default

 

1) Sample:

server {
    listen 443 ssl;  # Listen on port 443 for HTTPS
    server_name example.com;  # Your domain name

    ssl_certificate /etc/ssl/certs/example.crt;  # Path to SSL certificate
    ssl_certificate_key /etc/ssl/private/example.key;  # Path to SSL private key

    location / {
        root /var/www/html;  # Location of your website files
        index index.html;
    }
}

 

3. Editing the configuration

sudo nano /etc/nginx/sites-available/default

 

1) Updating Certificate Paths

- To check the available certificates:

ls -l /etc/ssl/certs/
ls -l /etc/ssl/private/

 

4. Test & Restart Nginx

1) Check if HTTPS is working:

curl -I https://localhost

- I: Sends a HEAD request and shows HTTP response headers

2) Test your Nginx config for syntax errors

sudo nginx -t

3) Then restart the Nginx service

sudo systemctl restart nginx

 

5. Troubleshooting

1) Check if Nginx is running

sudo systemctl status nginx

2) View Error Logs 

journalctl -xe

sudo tail -f /var/log/nginx/error.log

- This helps identify what's preventing nginx from starting properly (e.g., missing certs, port conflict, syntax errors)