nginx lets-encrypt

How to configure Nginx to serve https only


I'm new to the web server world. I want my site to serve HTTPS only (for both IPv4 & IPv6), so I implemented the following steps:

  1. Install letsencrypt.
  2. Install certbot with the Nginx plugin.
  3. Create the certificate using the command:

sudo certbot --nginx certonly -d maarath.com -d www.maarath.com

  4. Manually configure my site configuration file in the etc/nginx/site-available/main like below:

server {
        listen 80  ;
        listen [::]:80  ;
        root /var/www/main/;
        index index.php index.html index.htm;
        # Make site accessible from http://localhost/
        server_name maarath.com www.maarath.com;
        location / {
                try_files $uri $uri/ =404;
        }

# HTTPS

    listen              443 ssl;
    server_name       maarath.com  www.maarath.com;
    ssl_certificate     /etc/letsencrypt/live/maarath.com/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/maarath.com/privkey.pem;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;




        location ~ \.php$ {
                try_files $uri =404;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
                fastcgi_index index.php;
                include fastcgi.conf;
        }
        #deny access to .htaccess files, if Apache's document root
        #concurs with nginx's one
        location ~ /\.ht {

        }
}
  5. Run command nginx -t with no issues.
  6. Restart nginx.

The issue is that my site is still not secure after all the above steps. Did I miss something or do it wrong? Any help would be much appreciated.


Solution

  • First off, I believe your config is missing the second server { right under # HTTPS

    Just to get that right, your website https://maarath.com throws an SSL Error? Because from my perspective it works just fine. Or do you mean that http is not redirected to https?

    If that's the case add

    return 301 https://maarath.com$request_uri;
    

    To your first server block. Right above

    server_name ...
    

    This should automatically redirect all requests from http to https.
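
The two-block layout the answer describes, written out in full as an added example (not the poster's or the answerer's own file). Domain, paths and the PHP socket are copied from the question; the IPv6 listener on 443, `fullchain.pem`, the narrower `ssl_protocols` list and `deny all` are assumptions added here.

```nginx
# Block 1: plain HTTP. Serves no content, only redirects to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name maarath.com www.maarath.com;

    # Redirect from the answer: every HTTP request goes to the HTTPS site.
    return 301 https://maarath.com$request_uri;
}

# Block 2: HTTPS. The only block that serves the site.
server {
    listen 443 ssl;
    # Assumption: the question's config had no IPv6 listener on 443,
    # so IPv6 clients could not reach the site over TLS.
    listen [::]:443 ssl;
    server_name maarath.com www.maarath.com;

    # Assumption: fullchain.pem (leaf plus intermediates, also written by
    # certbot) replaces the question's cert.pem so clients get the full chain.
    ssl_certificate     /etc/letsencrypt/live/maarath.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/maarath.com/privkey.pem;

    # Assumption: TLSv1 and TLSv1.1 from the question are dropped;
    # TLSv1.3 needs an nginx/OpenSSL build that supports it.
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    root /var/www/main/;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        include fastcgi.conf;
    }

    # Assumption: the question's block was empty; deny all makes it block .ht* files.
    location ~ /\.ht {
        deny all;
    }
}
```

After `nginx -t` and a reload, `curl -I http://maarath.com/` should return a 301 with a `Location: https://maarath.com/` header.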