Please share your working NGNIX Conf for a SSL Wordpress

Question

I have spent 20 hours trying to solve the issue of infinite 302 redirects to a HTTPS Wordpress site. I have followed the various tutorials, and discussion threads on the Internet. Whatever I try the site simply spins in an infinite 302 redirect loop.

Can someone please share a working NGNIX Conf for a Wordpress with HTTPS.

That’s all I want for Christmas right now.

Eldin Hadzic · Answer

This should work :-) (I am not using WordPress)

Please generate a DH Group

mkdir /etc/nginx/tls
cd /etc/nginx/tls
openssl dhparam -out dhparams.pem 4096

Remove http2 if your NGINX version is under 1.9.5
Change ssl_protocols to TLSv1 TLSv1.1 TLSv1.2; to allow older Clients
ssl_trusted_certificate should be the full chain

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    server_name domain.com;

    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server ipv6only=on;

    ###
    # TLS CONFIGURATION
    ###

    ##
    # BASIC
    ##

    ssl_certificate /location;
    ssl_certificate_key /location;
    ssl_trusted_certificate /location;
    ssl_protocols TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    ##
    # DH PARAMS
    ##

    ssl_dhparam /etc/nginx/tls/dhparams.pem;

    ##
    # OCSP
    ##

    ssl_stapling on;
    ssl_stapling_verify on;

    ##
    # HEADERS
    ##

    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

    ###
    # TLS END
    ###
[...]

Related

Question

Please share your working NGNIX Conf for a SSL Wordpress

Related