- NGINX Cookbook
- Tim Butler
- 119字
- 2025-04-04 18:27:16
How to do it...
Now that we have a certificate and private key, we can update our NGINX configuration to serve SSL-based sites. Here's our NGINX server directive block:
server {
listen 443 ssl;
server_name ssl.nginxcookbook.com;
ssl_certificate /etc/ssl/public.pem;
ssl_certificate_key /etc/ssl/private.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /var/log/nginx/ssl-access.log combined;
location /favicon.ico { access_log off; log_not_found off; }
root /var/www;
}
If you have a basic index.html or similar in /var/www, you should see something like the following:
The error message will vary between browsers, but they're all simply letting you know that the certificate presented couldn't be validated and therefore can't be intrinsically trusted. For testing, add an exception here; you should see the SSL site served by NGINX:
