How to Configure NGINX to get an A+ SSL Labs Rating
Disclosure. This page contains links to products that may earn us a small commission at no extra cost to you, should you click on them and make a purchase.
Read full disclosure.
SSL Labs provide a free tool that lets you check the security of your web servers SSL configuration. The tool performs a scan of your server and generates a report with A+ being the best. This tutorial will show you the steps involved in getting an A+ for an NGINX server.
Before we begin, you will need to have access to a public facing Ubuntu 18.04 server and have assigned its public IP address to your public DNS service so that your domain is resolvable.
The following steps have been tested on Ubuntu 18.04 running on a
DigitalOcean* droplet. If you don’t have a DigitalOcean account use
my affiliate link* to get $100 free credit).
Step 1: Install NGINX
Connect to the Ubuntu server with SSH and then install NGINX with the following command:
sudo apt install nginx ssl-cert
Step 2: Create Virtual Host
Create a virtual host conf file inside the /etc/nginx/sites-enabled folder with the name of the domain you want NGINX to serve. In the following example I will use test.graspingtech.com, replace this with your own.
sudo vim /etc/nginx/sites-enabled/test.graspingtech.com
Add the following config to the file replacing test.graspingtech.com with your domain.
Browse to the domain and check to see if the website loads and SSL is enabled.
Step 3: Run SSL Labs Report
Head over to the SSL Labs Test page, enter your domain, click Submit and wait for the test to complete.
You should have an A+
In this post we saw how easy it is to configure NGINX so that it gets an A+ rating by SSL Labs. You should run the report every so often and make tweaks as things may change in the future. A good way to get the latest config is to use the Mozilla SSL Configuration Generator.