Going SSL

With all of the issues around web security, there’s a pretty easy solution using EFF’s certbot and LetsEncrypt.org.  I use an Nginx proxy in front of everything, so all of the encryption terminates there.  So using certbot with webroot was pretty easy and then it was just a matter of adjusting the Nginx config.

In each site that I migrated to SSL, here’s an example of what the final config looks like.  This works for both Joomla! and WordPress sites behind Nginx.  Nginx listens on http/80 and redirects to https/443.

server {
 listen       80;
 server_name  site_name.come www.site_name.com;
 return 301 https://$host$request_uri;

server {
 listen       443 ssl;
 server_name  site_name.com www.site_name.com;
 ssl_certificate    /etc/letsencrypt/live/kuykendall.life/fullchain.pem;
 ssl_certificate_key  /etc/letsencrypt/live/kuykendall.life/privkey.pem;
 ssl on;

location / {
 proxy_set_header Host $host;
 proxy_set_header X-Forwarded-Host $host;
 proxy_set_header X-Forwarded-Proto $scheme;

 proxy_redirect http:// https://;