Any website these days should run on SSL, even when the content is read-only like TangentUniverse. The main reasons are:
- security and data integrity – with SSL you know your request hasn’t been intercepted and the response from the web server hasn’t been modified. This is especially beneficial where ISPs are tempted to insert content (read ads) or track user activity
- trust – without SSL you get the “Not Secure” warning in the browser. This doesn’t really inspire confidence
- SEO – a lot of search engines (aka Google) prioritise HTTPS websites.
There is a free service offered by https://letsencrypt.org that allows you to get a certificate for your domain. Certificates used to cost north of $100, so this is simply awesome.
I’ve previously installed certificates from LetsEncrypt so I didn’t need to do that again this time around. However, I did have to get it working for nginx and WordPress.
This would require updating the nginx configuration, so the first step was to back up the existing configuration (that was working fine for HTTP):
/etc/nginx/sites-enabled$ cp tangentuniverse.com.conf ~
With my existing configuration saved I could edit the site knowing I could always jump back to the old configuration.
There were two changes needed to the configuration:
- Firstly, redirect all HTTP traffic to HTTPS using a new “server” block
- Secondly, move the main configuration of the site to listen on HTTPS, and provide the location of the SSL certificates
Adding a redirect for HTTP was simple enough:
server {
    listen 80;
    server_name tangentuniverse.net www.tangentuniverse.net;
    # redirect to HTTPS
    return 301 https://$host$request_uri;
}
I moved the existing server block to listen on port 443:
server {
    listen 443 ssl;
    server_name tangentuniverse.net www.tangentuniverse.net;
    ...
Next I added the location of the SSL files to the configuration of the server listening on port 443:
ssl_certificate /etc/letsencrypt/live/tangentuniverse.net/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/tangentuniverse.net/privkey.pem; # managed by Certbot
I checked the configuration using the nginx command:
/etc/nginx/sites-enabled$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
A quick restart of the nginx server and all was working:
/etc/nginx/sites-enabled$ sudo systemctl reload nginx
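`nginx -t` only confirms that the syntax is valid; it does not tell you whether the port-80 block actually redirects or whether the 443 block carries both certificate directives. The Python check below is an added example, not part of the original post: it tests for exactly the two changes described above. It assumes a simplified parser (no `include` handling, no quoted strings), and the sample configuration, including its `root` line, is constructed.

```python
import re

# Constructed sample mirroring the post's two server blocks; "root" is a placeholder.
SAMPLE_CONF = """
server {
    listen 80;
    server_name tangentuniverse.net www.tangentuniverse.net;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name tangentuniverse.net www.tangentuniverse.net;
    ssl_certificate /etc/letsencrypt/live/tangentuniverse.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/tangentuniverse.net/privkey.pem; # managed by Certbot
    root /var/www/html;
}
"""

def server_blocks(conf):
    """Return one {directive: [args, ...]} dict per server block (simplified parser)."""
    conf = re.sub(r"#[^\n]*", "", conf)          # strip comments
    blocks = []
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:           # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        directives = {}
        for stmt in conf[m.end():i - 1].split(";"):
            parts = stmt.replace("}", " ").split()  # drop braces left by nested blocks
            if parts:
                directives.setdefault(parts[0], []).append(parts[1:])
        blocks.append(directives)
    return blocks

def check_https_migration(conf):
    """Return a list of problems; an empty list means both changes are in place."""
    problems, http_names, https_names = [], set(), set()
    for b in server_blocks(conf):
        names = {n for args in b.get("server_name", []) for n in args}
        if any("ssl" in args for args in b.get("listen", [])):
            https_names |= names
            problems += [f"443 block missing {k}" for k in
                         ("ssl_certificate", "ssl_certificate_key") if k not in b]
        else:
            http_names |= names
            if not " ".join(b.get("return", [[]])[0]).startswith("301 https://"):
                problems.append("port-80 block does not return 301 to https")
    problems += [f"{n} has no HTTP redirect block" for n in sorted(https_names - http_names)]
    return problems
```

To run it against a real site file, pass the file's contents to `check_https_migration()`; an empty list means the redirect and certificate directives are all present.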
Testing
To test I simply tried to load the homepage using the link https://tangentuniverse.net. I was redirected to the HTTPS version as expected.
Looking in /var/log/nginx/access.log I can see the request-response pair – first is the 301 redirect and then a 200 response.
91.110.91.84 - - [17/Feb/2025:19:19:24 +0100] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
91.110.91.84 - - [17/Feb/2025:19:19:24 +0100] "GET / HTTP/1.1" 200 12394 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
On Chrome you can click on the domain name and see the site information.