What SSL protocols and ciphers should I use?
Use ssl_protocols TLSv1.2 TLSv1.3 (disable TLSv1.0 and 1.1 as they're insecure). Use ssl_ciphers HIGH:!aNULL:!MD5 for strong ciphers only. Set ssl_prefer_server_ciphers on and ssl_session_cache shared:SSL:10m for performance.
Verify This Answer
Cross-check this information using these trusted sources:
More FAQs in Nginx SSL and HTTPS Configuration Secure Your Node.js App with Let's Encrypt
Install certbot, run sudo certbot --nginx -d yourdomain.com. Certbot obtains the SSL certificate and modifies Nginx config automatically. It adds listen 443 ssl, certificate paths, and HTTP to HTTPS redirect. Set up auto-renewal with certbot renew --dry-run.
Create a server block with listen 80 and return 301 https://$host$request_uri. This permanently redirects all HTTP traffic to HTTPS. Certbot adds this automatically when you run it with the --nginx flag.
Strict-Transport-Security (HSTS) tells browsers to always use HTTPS for your domain, even if the user types http://. Add add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains' always to prevent SSL stripping attacks.
Still have questions?
Browse all our FAQs or reach out to our support team
