The determination and clever behavior of bad actors on the Internet seem to know no bounds. Nearly every day, news about another network breach, data theft, or ransomware attack hits the headlines. The consequences can be catastrophic, making it increasingly important to protect web assets and traffic from falling into the malicious hands of hackers.
As one of the major types of Internet traffic, HTTP traffic between browsers and websites is of course subject to these attacks. One fundamental way to protect HTTP traffic from eavesdropping and tampering is to encrypt it using the Transport Layer Security (TLS) protocol. Encrypted traffic is properly called HTTPS traffic, with the S standing for secure, but in most cases plain HTTP is used to refer to both traffic types.
You can tell whether a website supports encryption by looking at the URL:
Many browsers also show a padlock icon at the left end of the address bar when encryption is being used.
Note: The predecessor to TLS, Secure Sockets Layer (SSL), is now deprecated but still quite commonly used despite its security weaknesses. Similarly, the term SSL (or SSL/TLS) is often used when referring to encryption for HTTP traffic, even when TLS is actually in use.
As a quick introduction to SSL/TLS encryption in NGINX, let’s look at some directives. The basic NGINX configuration for HTTPS is quite simple:
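server {
    listen 443 ssl;                           # accept HTTPS connections on port 443
    server_name www.example.com;
    ssl_certificate www.example.com.crt;      # certificate file for the domain
    ssl_certificate_key www.example.com.key;  # matching private key
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;      # protocol versions offered; TLSv1 and TLSv1.1 are deprecated by RFC 8996
    ssl_ciphers HIGH:!aNULL:!MD5;             # cipher suites offered
    #...
}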
The listen directive tells NGINX to listen on port 443 for HTTPS traffic (the ssl parameter) to the domain named by the server_name directive (here, www.example.com).
The ssl_certificate and ssl_certificate_key directives name the files where the domain’s TLS certificate and key are stored. The ssl_protocols and ssl_ciphers directives specify, respectively, which versions of SSL/TLS and which cipher suites (encryption algorithms) this NGINX virtual server supports. With these directives in place, NGINX negotiates a secure connection with the client and serves HTTPS content authenticated by your certificate.
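Because ssl_protocols decides which protocol versions a virtual server will negotiate, it is worth checking configurations for versions the IETF has deprecated. The following is an added example, not code from the original post or from NGINX: a small Python audit that reads the directives described above. The function names and the second server block (modern.example.com) are assumptions made for illustration, and the parser is deliberately simplified.

```python
import re

# Deprecated by the IETF: SSLv2 (RFC 6176), SSLv3 (RFC 7568),
# TLS 1.0 and TLS 1.1 (RFC 8996).
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def server_blocks(text):
    """Yield each 'server { ... }' body (simplified: no quoted braces or '#')."""
    text = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def directives(body, name):
    """Return the argument list of every 'name args;' directive in body."""
    pattern = r"(?:^|[;{}\s])" + re.escape(name) + r"\s+([^;]*);"
    return [m.group(1).split() for m in re.finditer(pattern, body)]

def audit(config_text):
    """Return (server_name, finding) pairs for server blocks that listen with ssl."""
    findings = []
    for body in server_blocks(config_text):
        if not any("ssl" in args for args in directives(body, "listen")):
            continue  # plain-HTTP server block, nothing to check
        names = directives(body, "server_name")
        name = names[0][0] if names and names[0] else "(unnamed)"
        protocols = directives(body, "ssl_protocols")
        if not protocols:
            findings.append((name, "ssl_protocols not set in this block"))
        elif weak := sorted(DEPRECATED.intersection(protocols[0])):
            findings.append((name, "deprecated protocols enabled: " + " ".join(weak)))
    return findings

# Protocol-relevant lines of the article's server block, plus a constructed second block.
ARTICLE_CONFIG = """
server { listen 443 ssl;
    server_name www.example.com;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   # as shown in the article
}
server { listen 443 ssl; server_name modern.example.com;
    ssl_protocols TLSv1.2 TLSv1.3; }
"""

if __name__ == "__main__":
    for server, finding in audit(ARTICLE_CONFIG):
        print(server, "->", finding)
```

A block that omits ssl_protocols is reported separately because its effective value is inherited from an enclosing context or from the default of the installed NGINX version.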
It’s one thing to describe how the directives for HTTPS are used, but understanding the concepts behind certificates, keys, and ciphers is far more involved. For a thorough and approachable introduction, watch our free on‑demand webinar NGINX 101: Web Traffic Encryption with SSL/TLS and NGINX.
In the webinar, you can go in‑depth on web traffic encryption and learn:
If you’re interested in getting started with NGINX Open Source and still have questions, join the NGINX Community Slack – introduce yourself and get to know this community of NGINX power users! If you’re ready for NGINX Plus, start your free 30-day trial today or contact us to discuss your use cases.