By:
elia

Please share your working NGINX conf for an SSL WordPress site

December 13, 2015 1.7k views
Nginx WordPress Ubuntu

I have spent 20 hours trying to solve the issue of infinite 302 redirects to a HTTPS Wordpress site. I have followed the various tutorials, and discussion threads on the Internet. Whatever I try the site simply spins in an infinite 302 redirect loop.

Can someone please share a working NGINX conf for a WordPress site with HTTPS?

That's all I want for Christmas right now.

1 Answer

This should work :-) (I am not using WordPress)

Please generate a DH Group

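# Create the directory that will hold the DH parameters (-p: no error if it already exists).
mkdir -p /etc/nginx/tls
# Only generate the file if the cd succeeded, so dhparams.pem cannot end up in some
# other working directory while the nginx config points at /etc/nginx/tls/dhparams.pem.
# Generating 4096-bit parameters can take a long time.
cd /etc/nginx/tls && openssl dhparam -out dhparams.pem 4096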
  • Remove http2 if your NGINX version is under 1.9.5
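  • Change ssl_protocols to TLSv1 TLSv1.1 TLSv1.2; only if you must allow older clients. TLS 1.0 and 1.1 are deprecated (RFC 8996), so enabling them weakens the configuration.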
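  • ssl_trusted_certificate should be the full chain (root and intermediate CA certificates); nginx uses it to verify the OCSP response when ssl_stapling_verify is on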
# Plain-HTTP listener: it serves no content and only redirects every request to HTTPS.
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    server_name domain.com;

    # $server_name is the name configured above, not the client-supplied Host header,
    # so the redirect target cannot be steered by a forged Host value.
    return 301 https://$server_name$request_uri;
}
# HTTPS listener. Only the TLS part is shown here; the rest of the block is elided.
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server ipv6only=on;

    ###
    # TLS CONFIGURATION
    ###

    ##
    # BASIC
    ##

    # /location is a placeholder. ssl_certificate should hold the server certificate
    # followed by its intermediates; the key file should be readable only by root.
    ssl_certificate /location;
    ssl_certificate_key /location;
    # CA chain used to verify the OCSP response (see ssl_stapling_verify below).
    ssl_trusted_certificate /location;
    # Only TLS 1.2 is offered; older protocol versions are refused.
    ssl_protocols TLSv1.2;
    # Forward-secret key exchange only (EECDH / EDH), with AES-GCM or AES-256.
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

    # Use the server's cipher order rather than the client's.
    ssl_prefer_server_ciphers on;
    # 10 MB session cache named "SSL", shared between worker processes.
    ssl_session_cache shared:SSL:10m;

    ##
    # DH PARAMS
    ##

    # Parameters for the EDH (DHE) suites; the file is the one produced by the
    # "openssl dhparam" command.
    ssl_dhparam /etc/nginx/tls/dhparams.pem;

    ##
    # OCSP
    ##

    # NOTE(review): stapling needs a `resolver` directive so nginx can look up the
    # OCSP responder's hostname; none is visible in this excerpt - confirm it is set
    # elsewhere (e.g. in the http block), otherwise no response is stapled.
    ssl_stapling on;
    ssl_stapling_verify on;

    ##
    # HEADERS
    ##

    # HSTS for two years (63072000 s). includeSubdomains and preload commit every
    # subdomain to HTTPS and are slow to undo once browsers have cached or preloaded
    # the policy - keep them only if all subdomains really serve valid HTTPS.
    # NOTE(review): without the `always` parameter add_header skips error responses,
    # and any add_header inside a nested location replaces these inherited headers.
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    # DENY forbids framing even by the site itself; SAMEORIGIN is the less strict
    # value if the application frames its own pages - verify before deploying.
    add_header X-Frame-Options DENY;
    # Stops browsers from MIME-sniffing a response into a different content type.
    add_header X-Content-Type-Options nosniff;

    ###
    # TLS END
    ###
[...]
  • Awesome thanks!

  • Hello,

    is this a working ssl setup? for a drupal site ( nginx 1.8.0)

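    # NOTE(review): the page's formatting stripped "_" and "\" from this listing and
    # broke some directives across lines. Directive names and regex escapes are
    # restored below to their standard nginx spelling - confirm against the original
    # file before use.
    server {
        # NOTE(review): ports 80 and 443 share this server block and nothing redirects
        # to HTTPS, so the whole site stays reachable over plain HTTP. A separate
        # port-80 server block that only returns a 301 to https:// avoids that.
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;

        listen 443 ssl;

        root /var/www/html/drupal;
        index index.php index.html index.htm;

        # NOTE(review): no ssl_protocols / ssl_ciphers are set, so the defaults of the
        # installed nginx version apply - review them rather than relying on defaults.
        ssl_certificate /etc/nginx/ssl/public.crt;
        ssl_certificate_key /etc/nginx/ssl/mykey.key;

        error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }

        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        # Refuse .php requests whose path has a dotted segment before a later slash
        # (e.g. /name.ext/file.php).
        location ~ \..*/.*\.php$ {
            return 403;
        }

        # Private files must never be served directly by the web server.
        location ~ ^/sites/.*/private/ {
            return 403;
        }

        # Refuse any path segment that starts with a dot (.git, .htaccess, ...).
        # Without the backslash this regex matches every URI and returns 403 for all
        # of them. NOTE(review): this also blocks /.well-known/, which ACME HTTP-01
        # validation uses - add an exception if the certificate is issued that way.
        location ~ (^|/)\. {
            return 403;
        }

        location / {
            try_files $uri @rewrite;
        }

        # Everything that is not an existing file is handed to Drupal's front controller.
        location @rewrite {
            rewrite ^ /index.php;
        }

        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            fastcgi_intercept_errors on;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
        }

        # Image-style derivatives are generated on first request, so fall back to Drupal.
        location ~ ^/sites/.*/files/styles/ {
            try_files $uri @rewrite;
        }

        # Static assets: cache for as long as possible and do not log missing files.
        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
            expires max;
            log_not_found off;
        }
    }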

    Thanks a lot
