Need to migrate your e-mails to a new server? Free and paid versions of our online tool available.
Hero Image

Enable TLS/SSL on Nginx – OpenBSD 7.5

nginx openbsd nginx

Enable TLS/SSL on Nginx – OpenBSD 7.5

Step 1 – Self-signed certificate (testing)

openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout /etc/ssl/private/nginx-selfsigned.key \
    -out /etc/ssl/certs/nginx-selfsigned.crt \
    -subj "/CN=example.com"
openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Step 2 – Server block

server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name example.com www.example.com;
    ssl_certificate     /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
    ssl_dhparam         /etc/ssl/certs/dhparam.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    root  /var/www/example.com/html;
    index index.html;
    location / { try_files $uri $uri/ =404; }
}

Step 3 – Test and reload

nginx -t && rcctl reload nginx

For a real certificate use Certbot.

Previous Post Next Post