Skip to content

Instantly share code, notes, and snippets.

@nepsilon

nepsilon/how-to-secure-your-site-with-https.md

Last active August 9, 2018 11:19
Show Gist options
  • Star 10 You must be signed in to star a gist
  • Fork 3 You must be signed in to fork a gist
  • Save nepsilon/d8db61cd9d464e0e15a2992ac7c656f9 to your computer and use it in GitHub Desktop.
Save nepsilon/d8db61cd9d464e0e15a2992ac7c656f9 to your computer and use it in GitHub Desktop.
Download ZIP
How to secure your site with HTTPS? — First published in fullweb.io issue #101
Raw
how-to-secure-your-site-with-https.md

How to secure your site with HTTPS?

With HTTP everything is visible when traveling on the Internet. By generating an SSL certificate and configuring your webserver you can force browsers to use HTTPS. Here is how to proceed:

# 1. Install letsencrypt
sudo pip install letsencrypt

# 2. Generate a cerficate for your doman
sudo certbot certonly -d mydomain.com

# 3. Configure your nginx config file 
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_session_timeout 10m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

# 4. Reload nginx and you're done
service nginx reload

Redirect HTTP to HTTPS:

server {
  server_name mydomain.com;
  listen 80;
  return 301 https://mydomain.com$request_uri;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment