Nginx SSL Configuration Best Practices


Nginx SSL Best Practices

Production-Ready Config

server {
    listen 443 ssl http2;
    server_name example.com;

    # Certificates
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # TLS versions
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # Performance
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
}

Security Settings

| Setting | Value | Purpose |
|---|---|---|
| ssl_protocols | TLSv1.2 TLSv1.3 | Only modern versions |
| ssl_ciphers | HIGH:!aNULL:!MD5 | Strong encryption |
| ssl_prefer_server_ciphers | on | Server chooses cipher |

Security Headers

add_header Strict-Transport-Security "max-age=31536000" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
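
The following auditor is an added example, not code from the original post: it checks a config for the TLS versions and the three headers listed on this page, and goes one step further by applying nginx's rule that a block with its own add_header stops inheriting the outer ones. It assumes a single file with balanced braces and does not follow include directives; `parse`, `audit` and `SAMPLE` are illustrative names.

```python
import re

REQUIRED = ("strict-transport-security", "x-frame-options", "x-content-type-options")
ALLOWED_TLS = {"TLSv1.2", "TLSv1.3"}  # the versions this page's config enables
TOKEN = re.compile(r'#[^\n]*|"((?:[^"\\]|\\.)*)"|([{};])|([^\s{};"#]+)')

def parse(text):
    """Parse config text into [name, args, children]; children is None for plain directives."""
    stack, words = [["root", [], []]], []
    for quoted, punct, bare in (m.groups() for m in TOKEN.finditer(text)):
        if punct is None:
            words += [w for w in (quoted, bare) if w is not None]  # a comment adds nothing
        elif punct == "}":
            stack.pop()
        elif words:
            node = [words[0], words[1:], [] if punct == "{" else None]
            stack[-1][2].append(node)
            if punct == "{":
                stack.append(node)
            words = []
    return stack[0]

def audit(text):
    """Flag legacy TLS versions and required headers a server/location block does not send."""
    findings = []
    def walk(name, args, kids, inherited):
        label = " ".join([name] + args)
        # nginx inherits add_header from the outer level only if this level defines none
        headers = [k[1] for k in kids if k[0] == "add_header" and len(k[1]) >= 2] or inherited
        sent = {h[0].lower(): h[2:] for h in headers}
        for req in (REQUIRED if name in ("server", "location") else ()):
            if "always" not in sent.get(req, ()):
                findings.append(f"{label}: {req} " + ("lacks 'always'" if req in sent else "not sent"))
        for k in kids:
            if k[0] == "ssl_protocols":
                findings.extend(f"{label}: legacy protocol {p}" for p in k[1] if p not in ALLOWED_TLS)
            elif k[2] is not None:
                walk(*k, headers)
    walk(*parse(text), [])
    return findings

# Constructed sample (not from the page) with three deliberate problems.
SAMPLE = '''server {
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff";
    location /static/ { add_header Cache-Control "public"; }
}'''
```

Calling `audit(SAMPLE)` reports the legacy protocol, the header missing `always`, and the three headers that `/static/` no longer sends; run it against a real file with `audit(open(path).read())`.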

Your production setup is now secure!

© 2025 Vijay Rajendran