Back to Basics: Web Traffic Encryption with SSL/TLS and NGINX

Back to Basics: Web Traffic Encryption with SSL/TLS and NGINX

The determination and clever behavior of bad actors on the Internet seems to know no bounds. Nearly every day, news about another network breach, data theft, or ransomware attack hits the headlines. The consequences can be catastrophic, making it increasingly important to protect web assets and traffic from falling into the malicious hands of hackers.

As one of the major types of Internet traffic, HTTP traffic between browsers and websites, is of course subject to these attacks. One fundamental way to protect HTTP traffic from eavesdropping and tampering is to encrypt it using the Transport Layer Security (TLS) protocol. Encrypted traffic is properly called HTTPS traffic, with the S standing for secure, but in most cases plain HTTP is used to refer to both traffic types.

You can tell whether a website supports encryption by looking at the URL:

• URLs starting with https:// are using encryption
• URLs starting with http:// have no encryption

Many browsers also show a padlock icon at the left end of the address bar when encryption is being used.

Note: The predecessor to TLS, Secure Sockets Layer (SSL), is now deprecated but still quite commonly used despite its security weaknesses. Similarly, the term SSL (or SSL/TLS) is often used when referring to encryption for HTTP traffic, even when TLS is actually in use.

SSL/TLS and NGINX

As a quick introduction to SSL/TLS encryption in NGINX, let’s look at some directives. The basic NGINX configuration for HTTPS is quite simple:

server {
    listen              443 ssl;
    server_name         www.example.com;
    ssl_certificate     www.example.com.crt;
    ssl_certificate_key www.example.com.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    #...
}

The listen directive tells NGINX to listen on port 443 for HTTPS traffic (the ssl parameter) to the domain named by the server_name directive (here, www.example.com).

The ssl_certificate and ssl_certificate_key directives name the files where the domain’s TLS certificate and key are stored. The ssl_protocols and ssl_ciphers directives specify, respectively, which versions of SSL/TLS and which cipher suites (encryption algorithms) this NGINX virtual server supports. With these directives in place, NGINX negotiates a secure connection with the client and serves HTTPS content authenticated by your certificate.

Watch the Webinar

It’s one thing to describe how the directives for HTTPS are used, but understanding the concepts behind certificates, keys, and ciphers is far more involved. For a thorough and approachable introduction, watch our free on‑demand webinar NGINX 101: Web Traffic Encryption with SSL/TLS and NGINX.

In the webinar, you can go in‑depth on web traffic encryption and learn:

• How NGINX establishes an HTTPS‑protected session with a client
• Basic and advanced NGINX configurations, with a real‑time demo
• Ways to redirect HTTP requests to HTTPS
• Recommended TLS settings

If you’re interested in getting started with NGINX Open Source and still have questions, join the NGINXCommunity Slack – introduce yourself and get to know this community of NGINX power users! If you’re ready for NGINX Plus, start your free 30-day trial today or contact us to discuss your use cases.

The post Back to Basics: Web Traffic Encryption with SSL/TLS and NGINX appeared first on NGINX.

Source: Back to Basics: Web Traffic Encryption with SSL/TLS and NGINX