To configure nginx with an SSL/TLS certificate and HTTPS, you will have to install the certificate and its private key and update your application configuration. In addition, I want to redirect to HTTPS from HTTP because I want all requests to be secure.

Certificate Installation

First, purchase a certificate or generate a self-signed certificate. I purchased a single-domain certificate from Dreamhost for $15/yr. I installed my certs to /etc/nginx/ssl/, but a common place is /etc/ssl/certs and /etc/ssl/private (for the private key). Also make the certificates readable by root only.

$ sudo chmod 0400 /etc/nginx/ssl/* 

Nginx Server Configuration

As I’ve read before, random articles on Google can sometimes lead you astray when it comes to configuring your server. The nginx wiki provides good information in general and should be your first stop.

For my configuration, I need two server blocks, one for HTTP and one for HTTPS. The HTTP block will redirect to HTTPS. The HTTPS block will contain the majority of the server configuration.

server {
    listen 80; 
    server_name example.com www.example.com;
    return 301 https://example.com$request_uri;
}

Note that I am addressing a common pitfall related to rewrites by using return instead of rewrite. Here is the second block.

server {
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/cert.key;
    
    server_name example.com www.example.com;

    # your web application configuration here...
    location / { try_files $uri @app; }
    location @app {
        ...
    }

    error_page   404              /404.html;
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

After that, restart Nginx for some happy secure surfing.

$ sudo service nginx restart
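
A pre-restart check for the layout above, as an added example that is not part of the original post: it confirms that the files in /etc/nginx/ssl are owned by root with no group or other permissions, that cert.pem and cert.key belong together, and that the configuration parses. The function names and the SSL_DIR variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and SSL_DIR are
# assumptions; cert.pem / cert.key are the file names used in the config above.
SSL_DIR="${SSL_DIR:-/etc/nginx/ssl}"

# Succeeds only if every file under $1 is owned by $2 (default root) and has no
# group/other permission bits, which is what "chmod 0400" as root produces.
perms_ok() {
    dir="$1"; owner="${2:-root}"
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    bad=$(find "$dir" -type f \( ! -user "$owner" \
        -o -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \))
    [ -z "$bad" ] && return 0
    printf 'too permissive or wrong owner:\n%s\n' "$bad" >&2
    return 1
}

# Succeeds only if the public key embedded in certificate $1 equals the public
# key derived from private key $2 (works for RSA and EC keys).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Run all checks; "nginx -t" parses the configuration without applying it.
preflight() {
    perms_ok "$SSL_DIR" root || return 1
    cert_matches_key "$SSL_DIR/cert.pem" "$SSL_DIR/cert.key" || {
        echo "cert.pem and cert.key are not a pair" >&2; return 1; }
    nginx -t
}

# Usage, as root: preflight && service nginx restart
```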