HTTPS protocol lets the users use a website in a secure and protected way. What it basically means is, it sends information to the website server in an encrypted form and also receives the information on the user’s computer or mobile in an encrypted form. You should always protect all of your websites with HTTPS, even if they don’t handle sensitive communications. Security wise it is critical because it restricts the intruders exploiting unprotected resources between your websites and users. This helps to protect website users from getting identified and their behavior pattern being noted. Aside from providing critical security and data integrity for both your websites and your user’s personal information, HTTPS is a requirement for many new browser features.
Easiest & Free Option
There are various ways to secure your website and enable HTTPS protocol. Some are technically difficult and others are expensive. I was just setting up an example hobby website and needed it served via HTTPS. I wanted a simple and free way to do it. Here is how I did it.
- Website already propagating through Cloudflare account
- Access to Shell terminal
- Nginx with admin access
1. Head over to “Crypto” tab SSL from the drop-down.
I recommend Full(strict) Option because this will make sure everything is delivered through HTTPS instead of mixed protocols.
2. Create origin Certificates through Cloudflare
Make sure you have an entry in the hosts that covers subdomains and the main domain
3. Save Keys
This will generate two keys. When is your private key and the other is your public certificate. Go ahead and save both of these on your server. You are going to use these in your vhost settings.
4. Now open your vhost configuration file for the domain and add two server blocks. One server block will handle port 80 (HTTP) and will redirect all the traffic to port 443 (HTTPS)
5. Some people usually skip the points 4 and 5 and just enable redirection in the cloudflare interface. I personally had some issues with this especially the website had multiple servers running on different ports and they needed to communicate with each other. But if your website is simple, then you’ll be fine with this step.
This article is just a journal entry for myself and it’s a quick and easy way to setup HTTPS protocol. However, if you have trouble following along following are some of the resources which you can go through to more details and understand prerequisite steps as well.
I also want to clarify, this approach is good for small hobby websites which don’t really deal with a lot of user data. But, if you are running a website that stores and propagates critical information, I recommend buying a proper certificate and not rely on a shared free certificates like the one from Cloudflare.