
Nginx SSL/TLS Configuration Guide

Step-by-step guide to configuring SSL/TLS on Nginx for secure HTTPS connections.

Why SSL/TLS?

SSL/TLS encrypts traffic between your users and your server. It is essential for security, required for HTTP/2, and a ranking factor for search engines.

Basic SSL Configuration

server {
    listen 443 ssl http2;
    server_name example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
}

HTTP to HTTPS Redirect

Always redirect HTTP traffic to HTTPS:

server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

HSTS (HTTP Strict Transport Security)

Tell browsers to always use HTTPS:

add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

OCSP Stapling

Have the server attach (staple) the certificate's OCSP revocation status to the handshake, which improves SSL handshake performance:

ssl_stapling on;
ssl_stapling_verify on;
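
A small checker for the directives covered above, added here as an example (it is not part of the original guide and not Configen's code). It flags legacy protocol versions, a missing or weak HSTS header, and stapling without verification; the names `WEAK_CONF`, `directives`, `audit` and the one-year `MIN_HSTS_AGE` threshold are assumptions of this example.

```python
import re

# Constructed sample input (not from the guide): a server block with weak settings.
WEAK_CONF = '''
server {
    listen 443 ssl http2;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    add_header Strict-Transport-Security "max-age=300; includeSubDomains";
    ssl_stapling on;
}
'''
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
MIN_HSTS_AGE = 31536000  # one year in seconds; threshold assumed for this example

def directives(conf):
    """Map directive name -> list of argument lists, honouring quoted arguments."""
    conf = re.sub(r"(?m)^\s*#.*$", "", conf)  # drops whole-line comments only
    tokens = re.findall(r'"[^"]*"|\'[^\']*\'|[;{}]|[^\s;{}"\']+', conf)
    found, current = {}, []
    for tok in tokens:
        if tok == ";" and current:
            found.setdefault(current[0], []).append([t.strip("\"'") for t in current[1:]])
        if tok in (";", "{", "}"):
            current = []  # a statement or a block header just ended
        else:
            current.append(tok)
    return found

def audit(conf):
    """Return a list of findings for the TLS settings this guide covers."""
    d, findings = directives(conf), []
    weak = LEGACY & {p for args in d.get("ssl_protocols", []) for p in args}
    if weak:
        findings.append("legacy protocols enabled: " + " ".join(sorted(weak)))
    hsts = [a for a in d.get("add_header", [])
            if a and a[0].lower() == "strict-transport-security"]
    if not hsts:
        findings.append("no HSTS header")
    for args in hsts:
        age = re.search(r"max-age=(\d+)", args[1] if len(args) > 1 else "")
        if not age or int(age.group(1)) < MIN_HSTS_AGE:
            findings.append("HSTS max-age missing or below one year")
        if "always" not in args[2:]:
            findings.append("HSTS header lacks 'always', so error responses omit it")
    if ["on"] in d.get("ssl_stapling", []) and ["on"] not in d.get("ssl_stapling_verify", []):
        findings.append("ssl_stapling on without ssl_stapling_verify")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(WEAK_CONF)))
```

The parser does not follow `include` files or model `add_header` inheritance between blocks, so run it on the fully expanded configuration (for example the output of `nginx -T`).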

Mozilla SSL Presets

Mozilla provides recommended cipher configurations:

  • Modern — TLS 1.3 only, highest security
  • Intermediate — TLS 1.2+, balance of security and compatibility
  • Legacy — Broad compatibility, lower security

Use our generator to apply these presets automatically!
