Get an SSL certificate via
https://www.sslforfree.com/ 90 days is for free, only domain ssl, card is paid subscription
download the certificate and create an directory on your host where you can store the certicates.
the downloaded certicate files are:
private.key
certicate.crt
ca_bundle.crt
for instance copy the files to "/var/certs/", rename them to domain_certicate.crt and domain_private.key or create a subdirectory for your domain.
enable ssl on your firewall via
ufw enable https or ufw enable 443
now edit you site configuration file in /etc/nginx/sites/available via nano.
following nginx configuration consists out of 3 parts to enforce ssl and https://www.
server1 : http incomming on //domain and www.domain with redirect to https://www
server2: https incomming on https://domain and redirect to https://www.domain and declaration for ssl cerficates.
server3: https incomming on https://www.domain which contains all configuation, in this example with no-cache for index.html and caching for images (react is used)
see: https://www.nginx.com/blog/creating-nginx-rewrite-rules/
server{
listen 80;
server_name domainname.com www.domainname.com
return 301 https://www.$server_name$request_uri;
}
server {
listen [::]:443 ssl;
listen 443 ssl;
ssl_certificate /var/certs/certificate.crt;
ssl_certificate_key /var/certs/private.key;
server_name domainname.com;
return 301 https://www.$server_name$request_uri;
}
server {
listen [::]:443 ssl http2 ipv6only=on;
listen 443 ssl http2;
ssl_certificate /var/certs/certificate.crt;
ssl_certificate_key /var/certs/private.key;
root /var/www/domainname/rootdir;
index index.html;
server_name www.domainname.com;
access_log /var/log/nginx/domainname.com.access.log;
error_log /var/log/nginx/domainname.com.error.log;
location ~* \.(jpg|jpeg|png|gif|ico|css|js|webp)$ {
expires 365d;
}
location / {
try_files $uri /index.html =404;
add_header Cache-Control "no-cache";
}
}
after saving reload nginx and restart.
