How to secure your site with HTTPS? — First published in fullweb.io issue #101

How to secure your site with HTTPS?

With plain HTTP, everything is visible to anyone on the network path while it travels across the Internet. By generating an SSL/TLS certificate and configuring your web server, you can force browsers to use HTTPS. Here is how to proceed:

# 1. Install letsencrypt
sudo pip install letsencrypt

# 2. Generate a certificate for your domain
sudo certbot certonly -d mydomain.com

# 3. Configure your nginx config file 
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
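ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3 (ref: POODLE) and the deprecated TLSv1/TLSv1.1; TLSv1.3 needs nginx 1.13+ built against OpenSSL 1.1.1+
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5; # 3DES entries removed (64-bit block cipher, ref: Sweet32)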
ssl_session_timeout 10m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

# 4. Reload nginx and you're done
service nginx reload

Redirect HTTP to HTTPS:

server {
  server_name mydomain.com;
  listen 80;
  return 301 https://mydomain.com$request_uri;
}
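
An added example (not part of the original gist): a small Python check that audits the TLS directives from step 3 for deprecated protocols, weak cipher entries and a missing HSTS header. The weak-item lists and both sample configs are assumptions constructed for this example, and the parser only handles simple one-line directives.

```python
import re

# Assumptions of this example, not nginx defaults:
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_MARKS = ("3DES", "RC4", "MD5", "NULL", "EXPORT")

def directives(conf):
    """Map directive name -> list of argument strings (one-line directives only)."""
    found = {}
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (assumes no '#' inside values)
        m = re.match(r"^(\w+)\s+(.*);$", line)
        if m:
            found.setdefault(m.group(1), []).append(m.group(2).strip())
    return found

def audit(conf):
    """Return a list of findings for the TLS-related directives in conf."""
    d, findings = directives(conf), []
    for args in d.get("ssl_protocols", []):
        for proto in sorted(set(args.split()) & WEAK_PROTOCOLS):
            findings.append(f"deprecated protocol enabled: {proto}")
    for args in d.get("ssl_ciphers", []):
        for entry in args.strip("'\"").split(":"):
            # Entries starting with '!' or '-' remove ciphers, so they are not flagged.
            if entry[:1] not in ("!", "-") and any(w in entry for w in WEAK_CIPHER_MARKS):
                findings.append(f"weak cipher entry: {entry}")
    hsts = [a for a in d.get("add_header", []) if a.startswith("Strict-Transport-Security")]
    if not hsts:
        findings.append("HSTS header missing")
    elif not re.search(r"max-age=[1-9]\d*", hsts[0]):
        findings.append("HSTS max-age missing or zero")
    return findings

# Constructed sample configs (not taken from a real server).
LEGACY = """
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+AES128:EECDH+3DES:RSA+3DES:!MD5;
"""
HARDENED = """
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!MD5;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
"""

if __name__ == "__main__":
    for name, conf in (("legacy", LEGACY), ("hardened", HARDENED)):
        print(name, audit(conf) or "no findings")
```

To audit a real file, pass its contents to `audit()`, for example `audit(open(path).read())` with the path of your own nginx config.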