Configure SSL for nginx
Refer to SSL Configuration Testing to check the current level of your SSL configuration.
Nginx Configuration
The resource https://cipherli.st/ provides nginx settings for a strong SSL configuration.
Below is an example configuration from the Dhound nginx web servers. It raised the SSL configuration rating from B to A+ and increased the protection of the web site (for example, against Clickjacking attacks):
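/etc/nginx/nginx.conf
http {
    ...
    ##
    # SSL Settings
    ##
    # TLSv1 and TLSv1.1 were deprecated by RFC 8996 (2021); drop them unless legacy clients require them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;   # the server's cipher order wins over the client's
    ssl_ciphers "HIGH:!RC4:!aNULL:!MD5:!kEDH";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;                # OCSP stapling
    ssl_stapling_verify on;
    ...
}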
/etc/nginx/sites-enabled/<configfile>
server {
    ...
    listen 443 ssl; # replaces the separate "ssl on;" directive, deprecated in nginx 1.15.0 and removed in later releases
    ...
    ssl_certificate /etc/ssl/<SSL Certificate>.crt;
    ssl_certificate_key /etc/ssl/private/<SSL Private key>.key;
    add_header Strict-Transport-Security "max-age=63072000; preload"; # force the browser to always use HTTPS for this resource
    add_header X-Frame-Options DENY; # protect against Clickjacking attacks
    add_header X-Content-Type-Options nosniff; # stop browsers from MIME-sniffing the response type
    ...
}
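The following Python script is an added example, not code from the original page or from Dhound: it checks nginx configuration text for the directives and headers shown above and, going beyond the page, flags protocol versions that RFC 8996 has since deprecated. The function names, the flat parsing (no per-server scoping, last value wins) and the sample configuration are assumptions made for the example.

```python
import re

# Values the page's configuration sets, the headers it adds, and legacy protocol names.
EXPECTED = {"ssl_prefer_server_ciphers": "on", "ssl_session_tickets": "off",
            "ssl_stapling": "on", "ssl_stapling_verify": "on"}
HEADERS = ("strict-transport-security", "x-frame-options", "x-content-type-options")
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: deprecated by RFC 8996
TOKEN = re.compile(r'''#[^\n]*|"([^"]*)"|'([^']*)'|([;{}])|([^\s;{}]+)''')

def directives(conf_text):
    """Yield each 'name arg ...;' directive as a token list, honouring quotes and comments."""
    words = []
    for m in TOKEN.finditer(conf_text):
        dq, sq, punct, bare = m.groups()
        if punct:
            if punct == ";" and words:
                yield words
            words = []  # '{' and '}' open or close a block, they do not end a directive
        elif not m.group(0).startswith("#"):
            words.append(next(t for t in (dq, sq, bare) if t is not None))

def audit(conf_text):
    """Return a sorted list of findings for the settings discussed on the page."""
    findings, seen, headers = set(), {}, set()
    for name, *args in directives(conf_text):
        if name == "add_header" and args:
            headers.add(args[0].lower())
        elif name == "ssl_protocols":
            findings.update(f"legacy protocol enabled: {p}" for p in LEGACY & set(args))
        elif args:
            seen[name] = args[0]
    findings.update(f"{n} should be {w}" for n, w in EXPECTED.items() if seen.get(n) != w)
    findings.update(f"missing header: {h}" for h in HEADERS if h not in headers)
    return sorted(findings)

# Constructed sample, not taken from a real server.
SAMPLE = '''http {
  ssl_protocols TLSv1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_session_tickets off;
  ssl_stapling on;   # ssl_stapling_verify on;
  server {
    add_header Strict-Transport-Security "max-age=63072000; preload";
    add_header X-Content-Type-Options nosniff;
  }
}'''

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To check a live server, pass the output of `nginx -T` (the full effective configuration) to `audit()`.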
Published on Apr 11, 2017