After exploring different WordPress-Nginx configurations, let's move on to securing your WordPress site.
The steps in this article are the same for all kinds of WordPress-Nginx configurations.
Step 1: Create CSR – Certificate Signing Request on Nginx Server
Create a directory to store the keys & certificates for the example.com domain. You can use any directory. The following example uses these conventions.
mkdir /var/www/example.com/cert/
cd /var/www/example.com/cert/
Next, create a 2048-bit private key
openssl genrsa -out example.com.key 2048
Finally, create a CSR (certificate signing request)
openssl req -new -key example.com.key -out example.com.csr
Running this command will ask you for some details. For the Common Name (eg, YOUR name) []: field, use example.com (or *.example.com if you are setting up a wild-card SSL certificate).
Note: www.example.com and example.com are not the same. Use exactly the same domain your website is using.
Step 2: Get an SSL Certificate from GoDaddy
- Buy an SSL certificate from GoDaddy.com.
- Paste the CSR, i.e. the content of example.com.csr, into the GoDaddy web interface. You will need to provide some more details. Try to match them to the details in Step #1.
- Depending on the type of certificate, it may take some time for GoDaddy to approve your certificate.
- Once the certificate is approved, you can download it. For detailed instructions on downloading, please refer to this.
Promo: You can buy Thawte SSL certificates from us. We are a Thawte reseller but we sell cheaper than them! 😉
Step 3: Fix Intermediate Certificate Chain
The zip file you get from GoDaddy will contain 2 files: example.com.crt and gd_bundle.crt.
One is your certificate and the other is the bundle, i.e. the intermediate certificates. Nginx doesn’t have a separate directive for the path to the certificate bundle/chain file, so we need to append the bundle to the SSL certificate file itself, in such a way that the SSL certificate remains on top.
You can do it simply by running the following command:
cat gd_bundle.crt >> example.com.crt
Move this example.com.crt file to the /var/www/example.com/cert/ directory on the nginx server.
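Before pointing nginx at the combined file, it is worth confirming that the site certificate really is on top, that the bundle was appended, and that the private key is not readable by other users. The script below is an added example, not part of the original tutorial; the function names are hypothetical, the sample certificates are throwaway self-signed ones constructed for the demo, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: sanity checks for the files produced in Steps 1 and 3.

# Public key of the FIRST certificate in a PEM file; openssl x509 reads only
# the first one, so this tells us which certificate sits on top.
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public half of the private key, in the same PEM form.
key_pub() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# check_bundle CRT KEY
# returns 0 ok, 1 top certificate does not match key, 2 no chain appended,
# 3 key file accessible to group/other
check_bundle() {
    pub=$(cert_pub "$1" || true)
    [ -n "$pub" ] && [ "$pub" = "$(key_pub "$2")" ] ||
        { echo "FAIL: first certificate in $1 does not match $2"; return 1; }
    [ "$(grep -c 'BEGIN CERTIFICATE' "$1")" -ge 2 ] ||
        { echo "FAIL: $1 has no intermediate certificates appended"; return 2; }
    [ "$(ls -l "$2" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: $2 is accessible to group/other; chmod 600 it"; return 3; }
    echo "OK: $1"
}

# Constructed sample data: throwaway self-signed certificates standing in
# for example.com.crt and gd_bundle.crt (not real GoDaddy files).
make_sample() {
    openssl genrsa -out "$1/example.com.key" 2048 2>/dev/null
    chmod 600 "$1/example.com.key"
    openssl req -new -x509 -days 1 -subj "/CN=example.com" \
        -key "$1/example.com.key" -out "$1/leaf.crt" 2>/dev/null
    openssl req -new -x509 -days 1 -newkey rsa:2048 -nodes -subj "/CN=Sample CA" \
        -keyout "$1/ca.key" -out "$1/gd_bundle.crt" 2>/dev/null
    cat "$1/leaf.crt" "$1/gd_bundle.crt" > "$1/good.crt"   # Step 3 order
    cat "$1/gd_bundle.crt" "$1/leaf.crt" > "$1/bad.crt"    # bundle on top
}

if [ "$#" -eq 2 ]; then
    check_bundle "$1" "$2"                      # check real files
else
    d=$(mktemp -d) && make_sample "$d"          # demo on constructed files
    check_bundle "$d/good.crt" "$d/example.com.key" || true
    check_bundle "$d/bad.crt" "$d/example.com.key" || true
    rm -rf "$d"
fi
```

Run it with the combined certificate and the key as arguments to check your own files; with no arguments it runs the demo on the constructed sample.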
Step 4: Adjusting Nginx Configuration
Enable SSL for example.com
Make it look like below:
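server {
    listen 443;
    server_name example.com;
    # "ssl on;" is obsolete since nginx 1.15.0 and was removed in 1.25.1;
    # on those versions use "listen 443 ssl;" instead.
    ssl on;
    ssl_certificate /var/www/example.com/cert/example.com.crt;
    ssl_certificate_key /var/www/example.com/cert/example.com.key;
    #... other stuff
}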
Force non SSL site to redirect traffic to SSL
Add the following code if you want to force SSL on your site.
server {
    listen 80;
    server_name example.com;
    # Permanent redirect of every plain-HTTP request to the HTTPS site
    return 301 https://example.com$request_uri;
}
Turn on SSL session cache for performance
In the file /etc/nginx/nginx.conf, inside the http {..} block, add the following:
http {
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    #... other stuff
}
Also make sure the value of the worker_processes directive is greater than 1 (only if your server has multiple cores).
Finally, reload the processes to make the change take effect.
service nginx reload
Step 5: Ask WordPress to use SSL
Add the following to your WordPress’s wp-config.php file.
To force SSL for login form:
define('FORCE_SSL_LOGIN', true);
To force SSL for wp-admin section:
define('FORCE_SSL_ADMIN', true);
Step 6: Verifying SSL Installation
The last and most important step is to verify that we have installed the SSL certificate properly.
Below are some nice online tools to help you with that:
If you face any issues, feel free to use our free support forum.
Hi, I’ve been following along and everything seems to be working (Nginx + WordPress + fastcgi_cache with conditional purging).
However, all the plugins for managing HTTPS I can find in WordPress are giving unexpected behaviour, e.g. latching the entire site on HTTPS once redirected from HTTP, or not redirecting to HTTPS from HTTP at all. I will say though, the wp-config.php force HTTPS for login and admin are the only things that seem to function as expected.
I am hoping where I have gone wrong is here, due to having a non-standard setup after I botched this step:
server {
listen 443;
server_name example.com;
ssl on;
ssl_certificate /var/www/example.com/cert/example.com.crt;
ssl_certificate_key /var/www/example.com/cert/example.com.key;
#... other stuff
}
Sorry, but make what look like below – our sites config file in sites enabled/available?
If so, does the block in question code go in its own server {…} block before or after the existing server block already configured in past tutorials {}
(this works but may not be right?)
-If not, and it should be simply put above ‘#other stuff’ how should this SSL server block {} be combined with the existing Non-SSL server block {}
already with server name defined as
server_name: example.com www.example.com
– from a previous WP/Nginx config tutorial (this doesn’t work I think because of the duplicate of servername:?)
Hope you can help,
KC
Correction:
server_name: example.com http://www.example.com
– from a previous WP/Nginx config tutorial
Was meant to be:
server_name: example.com www.example.com
– from a previous WP/Nginx config tutorial
The configuration options discussed here didn’t work for me because I wanted SSL to be optional. The “ssl on;” directive makes SSL required. I used the following configuration directives and they work great for me:
server {
listen 80;
listen 443 ssl;
server_name example.com;
ssl_certificate /var/www/example.com/cert/example.com.crt;
ssl_certificate_key /var/www/example.com/cert/example.com.key;
# … other stuff
}
I then set the option in wp-config.php to force SSL for admin pages only.
It is not recommended to have a single page accessible over both – HTTP and HTTPS. Might create duplicate content issue in search engines.
Also, some other issues, like “HTTPS site loading insecure content warning”.
By the way, moving entire site to HTTPS won’t create much CPU overload. You can optimize SSL setup as outlined in – https://rtcamp.com/tutorials/nginx/ssl-pci-compliance-performance/
I tried setting this up but when I go to my https://pagelinescommunity.com page I get a 404 message. Is there something I’m missing?
Please post your configuration in our support forum – https://rtcamp.com/support/forum/wordpress-nginx/