I was asked if I could provide my Nginx configuration for SSL-enabled sites yesterday so I thought I would write up a quick post. This is very similar to creating a standard site container with the addition of another server block that will be listening on port 443. Also, any traffic that comes in on port 80 will automatically be redirected over to the secure site. Nginx will handle the secure portion of the connection so there are no settings to modify on Tomcat. It should “Just Work” ™.
I will be referencing the additional configuration files that are outlined in My Final Nginx/Railo Connector post. Below is the template I use for SSL-enabled sites:
The important differences here are the ssl keys: ssl, ssl_certificate and finally ssl_certificate_key. Now I need to generate the certificate and certificate key that I am going to use. For clarity, here is the excellent post explaining how to generate the SSL keys. Although this is outlined on older versions of Ubuntu it should still work just fine.
Once the new keys have been generated and put in the proper place (/etc/ssl/certs and /etc/ssl/private) it is only a matter of restarting Nginx and enjoying the SSL goodness.