There are a number of considerations you have in the https configuration file. A great guide for options and other considerations
Let us create a place to securely hold the Public/Private Keys and Certificates
Change the Blue EXAMPLE to whatever is appropriate for your needs
nano /etc/nginx/sites-available/EXAMPLE_com.conf server {
listen 80;
listen [::]:80;
root /var/www/htmnl/example;
index index.html;
access_log /var/log/nginx/access.log combined;
error_log /var/log/nginx/error.log warn;
location / {
try_files $uri $uri/ =404;
}
}
Change the Blue EXAMPLE to whatever is appropriate for your needs
nano /etc/nginx/sites-available/EXAMPLE_com_ssl.conf server {
listen 443 ssl;
server_name example.com www.example.com; <--- Change this to whatever website name you want to use
root /var/www/html/example; <--- Change this to the directory where the website files are located
index index.html; <--- Change this if you wish to have another name for the default page
access_log /var/log/nginx/access.log combined;
error_log /var/log/nginx/error.log warn;
ssl_certificate /etc/nginx/ssl/EXAMPLE_com.crt; <--- Change this to the Self Signed or the Certificate Authority Signed Certificate
ssl_certificarte_key /etc/nginx/ssl/EXAMPLE.key; <--- Change this to the key you generated for the site
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
ssl_session_tickets on; <--- We do not want clients connecting with older tickets, but instead initiate a full handshake
ssl_dhparam /etc/nginx/ssl/dhparam.pem; <--- Helps to speed the random generation, increase DH key strength and handshake process
ssl_ecdh_curve secp521r1:X448:X25519:secp384r1; <--- These are the curves you are willing to accept in order of preference... add any other supported curves you desire
}
We will be updating this section to include securing our system files, directories, and protecting our content from being displayed on someone else's website.