Setting up SSL with Nginx and SSLMate

SSLMate
I recently discovered a pretty amazing SSL service called SSLMate that is designed for developers and simplicity of use. Because of how simple they make things, this post will be extremely short. In fact, you could just head over to their page and easily get going by yourself. Nevertheless, I will outline it here.

If you prefer “free” instead and don’t mind doing extra work and navigating a confusing website, you can refer to my previous article, Setting up SSL with Nginx and Startssl.

Preparations

The only prerequisite is that you have the package “ca-certificates” installed on your server.

Now we need to install SSLMate itself. *Note:* they have different paths for different OSes, so browse over to https://sslmate.com/help/getting_started to get the appropriate lines (the ones below are for Ubuntu 14.04).

Obviously you need to sign up at SSLMate’s website and fill in your credit card info (it’s not charged until you issue the buy command).

Now on the command line, navigate to the folder where you wish to store the certs (I made a folder in ~/certs) and issue the buy command. *Note: certs issued for hostname.com will also work for www.hostname.com.*

Now we need to configure nginx to use the certificates. Typically I symlink the certs into the /etc/nginx/ssl folder (you may need to create it).

You need to modify your domain’s virtual host file to change the port and add the certificate information. The top lines inside the main “server” block for that domain should read like this.

If you run a HTTPS-only site, you should consider using HTTP Strict Transport Security (HSTS). HSTS tells a browser that the website should only be accessed through a secure connection. Just add this below the certificate lines.

If you serve a page over HTTPS, you usually do not want your content to be framed by other sites. This is controlled by the X-Frame-Options header, which you can set by adding this line below the previous ones.
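The server block described in the steps above, as an added example that is not the original post's or SSLMate's own configuration. It assumes the domain is hostname.com, that the certs were symlinked into /etc/nginx/ssl, and that the files are named hostname.com.chained.crt and hostname.com.key; the one-year max-age, the DENY value and the port 80 redirect are illustrative choices.

```nginx
# Added example. hostname.com, the /etc/nginx/ssl paths and the certificate
# file names are assumptions; adjust them to your own domain and layout.

# Plain-HTTP listener that only redirects. Browsers ignore an HSTS header
# received over plain HTTP, so visitors must reach the HTTPS block first.
server {
    listen 80;
    server_name hostname.com www.hostname.com;
    # Fixed host name rather than $host, so a forged Host header
    # cannot steer the redirect somewhere else.
    return 301 https://hostname.com$request_uri;
}

server {
    listen 443 ssl;
    server_name hostname.com www.hostname.com;

    # Certificate and intermediate chain in one file, then the private key.
    # Serving only the leaf certificate makes some clients fail validation.
    ssl_certificate     /etc/nginx/ssl/hostname.com.chained.crt;
    ssl_certificate_key /etc/nginx/ssl/hostname.com.key;

    # HSTS: browsers that have seen this header refuse plain HTTP for this
    # host for max-age seconds (31536000 = one year, a constructed value).
    # Start with a short max-age while testing; a long one is hard to undo.
    add_header Strict-Transport-Security "max-age=31536000";

    # Refuse to be rendered inside a frame on any site (clickjacking defence).
    # SAMEORIGIN is the alternative if the site frames its own pages.
    add_header X-Frame-Options DENY;

    # Caveats for both headers:
    # - add_header is inherited by a location block only when that block has
    #   no add_header of its own; otherwise repeat both lines there.
    # - Without the "always" parameter (nginx 1.7.5 and later) the headers
    #   are not added to error responses such as 404 or 500.

    # ... the rest of the existing virtual host (root, locations) goes here.
}
```

Running `nginx -t` before the restart catches syntax errors and unreadable certificate paths without taking the site down.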

Now if you want to use the recommended security settings of SSLMate in their entirety, make your file look like this.

After you have saved the virtual host file (/etc/nginx/sites-available/domain), you need to restart nginx for the changes to take effect.

That should be it!
