Securing NGINX (Debian/Ubuntu)

Step 2b - Configure/Enable NGINX Websites for HTTP/HTTPS

Configuring NGINX Sites to use HTTP/HTTPS

There are a number of considerations to weigh in the HTTPS configuration file. A great guide for options and other considerations
Let us create a place to securely hold the Public/Private Keys and Certificates.

Creating the HTTP Web site file

Change the Blue EXAMPLE to whatever is appropriate for your needs

nano /etc/nginx/sites-available/EXAMPLE_com.conf

server {
    listen 80;
    listen [::]:80;
    root /var/www/html/example;
    index index.html;
    access_log /var/log/nginx/access.log combined;
    error_log /var/log/nginx/error.log warn;
    location / {
        try_files $uri $uri/ =404;
    }
}

Close and exit the file

ctrl + o   (Save)
ctrl + x   (Exit)

Creating the HTTPS Web site file

Change the Blue EXAMPLE to whatever is appropriate for your needs

nano /etc/nginx/sites-available/EXAMPLE_com_ssl.conf

server {
    listen 443 ssl;
    server_name example.com www.example.com;    # Change this to whatever website name you want to use
    root /var/www/html/example;    # Change this to the directory where the website files are located
    index index.html;    # Change this if you wish to have another name for the default page
    access_log /var/log/nginx/access.log combined;
    error_log /var/log/nginx/error.log warn;
    ssl_certificate /etc/nginx/ssl/EXAMPLE_com.crt;    # Change this to the Self Signed or the Certificate Authority Signed Certificate
    ssl_certificate_key /etc/nginx/ssl/EXAMPLE.key;    # Change this to the key you generated for the site
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 5m;
    ssl_session_tickets off;    # We do not want clients connecting with older tickets, but instead initiate a full handshake
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;    # Pre-generated Diffie-Hellman parameters for DHE key exchange; increases DH key strength
    ssl_ecdh_curve secp521r1:X448:X25519:secp384r1;    # These are the curves you are willing to accept in order of preference... add any other supported curves you desire
}

Close and exit the file

ctrl + o   (Save)
ctrl + x   (Exit)
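
The script below is an added example, not part of the original guide: it checks an HTTPS site file for the TLS directives set above (a misspelled directive name shows up as missing) and, if the key file exists, that it is not accessible to group or others. The names audit_tls_site, report and has are hypothetical helpers, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit_tls_site is a hypothetical helper, not an nginx tool.
# It checks a site file for the TLS directives this guide sets.

FINDINGS=0
report() { echo "FINDING: $1"; FINDINGS=$((FINDINGS + 1)); }

audit_tls_site() {   # $1 = path to a sites-available file
    FINDINGS=0
    # Strip comments so annotated lines are judged on the directive alone.
    body=$(sed 's/#.*//' "$1")
    has() { printf '%s\n' "$body" | grep -Eq "^[[:space:]]*$1;"; }

    has 'listen[[:space:]]+443[[:space:]]+ssl' || report "no 'listen 443 ssl'"
    # A misspelled name (e.g. ssl_certificarte_key) shows up as missing.
    for d in ssl_certificate ssl_certificate_key ssl_dhparam ssl_ecdh_curve; do
        has "$d[[:space:]]+[^;]+" || report "missing or misspelled: $d"
    done
    has 'ssl_session_tickets[[:space:]]+off' || report "ssl_session_tickets is not off"

    # If the key file exists, it must not be accessible to group or others.
    key=$(printf '%s\n' "$body" |
        awk '$1 == "ssl_certificate_key" { sub(/;.*/, "", $2); print $2; exit }')
    if [ -n "$key" ] && [ -e "$key" ]; then
        case $(ls -ld "$key" | cut -c5-10) in
            ------) ;;
            *) report "private key $key is accessible to group/others" ;;
        esac
    fi
    echo "$FINDINGS finding(s) in $1"
    [ "$FINDINGS" -eq 0 ]
}

# Constructed sample with a misspelled key directive and tickets left on.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/EXAMPLE_com.crt;
    ssl_certificarte_key /etc/nginx/ssl/EXAMPLE.key;
    ssl_session_tickets on;    # tickets still enabled
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    ssl_ecdh_curve secp521r1:X448:X25519:secp384r1;
}
EOF
audit_tls_site "$sample" || echo "fix the findings, then run: nginx -t"
rm -f "$sample"
```

Point audit_tls_site at /etc/nginx/sites-available/EXAMPLE_com_ssl.conf after editing, then run nginx -t to validate the syntax before reloading.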

We will be updating this section to include securing our system files, directories, and protecting our content from being displayed on someone else's website.