Why HTTPS Is Needed and How to Configure It with Nginx and OpenSSL

HTTPS adds encryption and authentication to HTTP, protecting data from eavesdropping, tampering, and man‑in‑the‑middle attacks.

Encryption in HTTPS uses symmetric algorithms (same key for encrypt/decrypt) and asymmetric algorithms (public/private key pair) together with CA‑signed certificates to verify server and client identities.

To enable HTTPS with Nginx you must first ensure Nginx is compiled with OpenSSL and the stream_ssl_preread_module (or http_ssl_module) and install the required libraries. cat auto/options | grep YES | grep ssl Then generate a private key and a certificate signing request (CSR) using OpenSSL, optionally encrypting the key with a password.

openssl genrsa -idea -out jesonc.key 2048
openssl req -new -key jesonc.key -out jesonc.csr
openssl x509 -req -days 3650 -in jesonc.csr -signkey jesonc.key -out jesonc.crt

Place the resulting jesonc.crt and jesonc.key files in a directory (e.g., /usr/local/nginx/conf/httpsKeys) and add the following directives to the Nginx server block:

listen 443 ssl;
server_name localhost;

ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

ssl_certificate /usr/local/nginx/conf/httpsKeys/jesonc.crt; # certificate path
ssl_certificate_key /usr/local/nginx/conf/httpsKeys/jesonc.key; # key path

After reloading or restarting Nginx, the server will accept HTTPS connections; you can verify the setup with a browser or curl, noting that a self‑signed certificate will trigger a trust warning.