Secure Nginx with Free Let’s Encrypt SSL Certificate on Ubuntu 16 Xenial Xerus


In this tutorial you will learn how to secure the Nginx web server with a free Let’s Encrypt SSL certificate on Ubuntu 16.04 Xenial Xerus.
Let’s Encrypt is a new non-profit Certificate Authority (CA) sponsored and founded by industry advocates such as the Electronic Frontier Foundation (EFF), Mozilla, and the Internet Security Research Group (ISRG). Let’s Encrypt will be launching very soon and will be offering free SSL certificates.
SSL certificates are used within web servers to encrypt the traffic between the server and client, providing extra security for users accessing your application. Let’s Encrypt provides an easy way to obtain and install trusted certificates for free.

sudo apt-get install git bc && sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

gedit /etc/nginx/sites-available/quicknotepad.club
location ~ /.well-known {
    allow all;
}

sudo nginx -t
sudo service nginx reload

Generate an SSL Certificate:
cd /opt/letsencrypt
./letsencrypt-auto certonly -a webroot --webroot-path=/var/www/quicknotepad.club/html -d www.quicknotepad.club
Change webroot-path to your site’s document root path.
Change “www.quicknotepad.club” to your own domain name.

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

gedit /etc/nginx/snippets/ssl-quicknotepad.club.conf
ssl_certificate /etc/letsencrypt/live/www.quicknotepad.club/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.quicknotepad.club/privkey.pem;

gedit /etc/nginx/snippets/ssl-params.conf
# from https://cipherli.st/
# and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html

# TLSv1 and TLSv1.1 are deprecated (RFC 8996); list them only if legacy clients still need them.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Disable preloading HSTS for now. You can use the commented…
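
Added example, not part of the original tutorial: a shell function that lints a snippet such as ssl-params.conf before running sudo nginx -t. It flags typographic quotes or dashes picked up when copying from a web page, and ssl_protocols values that have since been deprecated. The names audit_tls_snippet and sample_findings and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): lint an nginx TLS snippet
# before `nginx -t`. Reads the named files, or stdin when none are given.
# Prints one finding per line; exit status is 1 if anything was found.
audit_tls_snippet() {
    awk '
    BEGIN { n = split("“ ” ‘ ’ – —", typo, " ") }
    { sub(/#.*/, "") }                      # ignore comments
    {
        # Typographic quotes and dashes are not quoting or option syntax;
        # they end up inside the directive value and break it.
        for (i = 1; i <= n; i++)
            if (index($0, typo[i])) {
                print FNR ": typographic character " typo[i]; bad++; break
            }
    }
    $1 == "ssl_protocols" {
        # SSLv2/SSLv3 (RFC 6176, RFC 7568) and TLS 1.0/1.1 (RFC 8996)
        # are deprecated.
        for (i = 2; i <= NF; i++) {
            p = $i; sub(/;$/, "", p)
            if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1") {
                print FNR ": deprecated protocol " p; bad++
            }
        }
    }
    END { exit (bad > 0) }
    ' "$@"
}

# Constructed sample input, not taken from a real server.
sample_findings() {
    audit_tls_snippet <<'EOF'
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers “EECDH+AESGCM:EDH+AESGCM”;
ssl_session_tickets off;
EOF
}

if ! sample_findings; then
    echo "fix the lines above, then run: sudo nginx -t"
fi
```

To check a real file, pass its path: audit_tls_snippet /etc/nginx/snippets/ssl-params.conf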
