NGINX.COM

The determination and cleverness of bad actors on the Internet seem to know no bounds. Nearly every day, news about another network breach, data theft, or ransomware attack hits the headlines. The consequences can be catastrophic, making it increasingly important to protect web assets and traffic from falling into the malicious hands of hackers.

As one of the major types of Internet traffic, HTTP traffic between browsers and websites is of course subject to these attacks. One fundamental way to protect HTTP traffic from eavesdropping and tampering is to encrypt it using the Transport Layer Security (TLS) protocol. Encrypted traffic is properly called HTTPS traffic, with the S standing for secure, but in most cases plain HTTP is used to refer to both traffic types.

You can tell whether a website supports encryption by looking at the URL:

  • URLs starting with https:// are using encryption
  • URLs starting with http:// have no encryption

Many browsers also show a padlock icon at the left end of the address bar when encryption is being used.

Note: The predecessor to TLS, Secure Sockets Layer (SSL), is now deprecated but still quite commonly used despite its security weaknesses. Similarly, the term SSL (or SSL/TLS) is often used when referring to encryption for HTTP traffic, even when TLS is actually in use.

SSL/TLS and NGINX

As a quick introduction to SSL/TLS encryption in NGINX, let’s look at some directives. The basic NGINX configuration for HTTPS is quite simple:

server {
    listen              443 ssl;
    server_name         www.example.com;
    ssl_certificate     www.example.com.crt;
    ssl_certificate_key www.example.com.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    #...
}

The listen directive tells NGINX to listen on port 443 for HTTPS traffic (the ssl parameter) to the domain named by the server_name directive (here, www.example.com).

The ssl_certificate and ssl_certificate_key directives name the files where the domain’s TLS certificate and key are stored. The ssl_protocols and ssl_ciphers directives specify, respectively, which versions of SSL/TLS and which cipher suites (encryption algorithms) this NGINX virtual server supports. With these directives in place, NGINX negotiates a secure connection with the client and serves HTTPS content authenticated by your certificate.
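
The following is an added example, not part of the original post or NGINX's own documentation: the same virtual server with the protocol list narrowed and a plain-HTTP listener that redirects to HTTPS. It assumes an NGINX build linked against an OpenSSL version that supports TLS 1.3; the session-cache sizes and the HSTS lifetime are illustrative values.

```nginx
# Added example. Certificate paths and the cipher string are the page's own;
# the remaining values are assumptions for a typical deployment.

# Plain-HTTP listener: serves no content, only redirects to HTTPS.
# The target host is written out instead of echoing the request's Host header.
server {
    listen      80;
    server_name www.example.com;
    return      301 https://www.example.com$request_uri;
}

server {
    listen              443 ssl;
    server_name         www.example.com;
    ssl_certificate     www.example.com.crt;
    ssl_certificate_key www.example.com.key;

    # Before (from the page): ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only 1.2 and 1.3 remain.
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Same cipher string as the page. It governs TLS 1.2 and below;
    # TLS 1.3 suites are selected by OpenSSL independently of this directive.
    ssl_ciphers         HIGH:!aNULL:!MD5;

    # Let returning clients resume a session instead of a full handshake.
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;

    # Tell browsers to use HTTPS for this host for the next year,
    # sent on every response including error pages.
    add_header Strict-Transport-Security "max-age=31536000" always;
}
```

Run `nginx -t` to validate the configuration before reloading.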

Watch the Webinar

It’s one thing to describe how the directives for HTTPS are used, but understanding the concepts behind certificates, keys, and ciphers is far more involved. For a thorough and approachable introduction, watch our free on‑demand webinar NGINX 101: Web Traffic Encryption with SSL/TLS and NGINX.

In the webinar, you can go in‑depth on web traffic encryption and learn:

  • How NGINX establishes an HTTPS‑protected session with a client
  • Basic and advanced NGINX configurations, with a real‑time demo
  • Ways to redirect HTTP requests to HTTPS
  • Recommended TLS settings

If you’re interested in getting started with NGINX Open Source and still have questions, join the NGINX Community Slack – introduce yourself and get to know this community of NGINX power users! If you’re ready for NGINX Plus, start your free 30-day trial today or contact us to discuss your use cases.

About The Author

Robert Haynes

Technical Marketing Manager
