How can I set up SSL?

Step 1. Create default-ssl.conf or YOURDOMAIN-ssl.conf

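server {
    listen      443 default ssl http2;
    server_name {Your-Domain-Name};
    root        /var/www/vhosts/{Your-EC2-Instance-ID_or_YourDomain};
    index       index.html index.htm;
    charset     utf-8;

    # TLS is enabled by the "ssl" flag on the listen line; the deprecated "ssl on;" directive is not needed.
    ssl_certificate      /path/to/cert.pem;
    ssl_certificate_key  /path/to/cert.key;
    # Keep the private key readable only by root (for example mode 600).
    # The nginx master process loads it at startup; worker processes do not
    # need file-system access to it.
    ssl_session_timeout  5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and are no longer offered.
    # Append TLSv1.3 if your nginx is 1.13.0 or later and is built against
    # OpenSSL 1.1.1 or later.
    ssl_protocols  TLSv1.2;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    # Optional: once the whole site works over HTTPS, uncomment the next line
    # to send HSTS so browsers stop falling back to plain HTTP.
    #add_header Strict-Transport-Security "max-age=31536000" always;

    access_log  /var/log/nginx/ssl.access.log  main;
    error_log   /var/log/nginx/ssl.error.log;

    # NOTE(review): contents of /etc/nginx/drop are not shown here; presumably
    # it holds deny rules for unwanted requests. Confirm before relying on it.
    include     /etc/nginx/drop;

    # $expires is not set in this file; it must be defined elsewhere
    # (for example by a map in the http context).
    expires $expires;

    # Requests that carry a WordPress login, comment-author or post-password
    # cookie, and all POST requests, bypass the proxy cache so that
    # per-user responses are never stored and served to other visitors.
    set $do_not_cache 0;
    if ($http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_" ) {
        set $do_not_cache 1;
    }
    if ($request_method = POST) {
        set $do_not_cache 1;
    }

    set $proxy_https 'on';
    set $proxy_proto $scheme;

    set $mobile '';
    #include /etc/nginx/mobile-detect;

    rewrite /wp-admin$ $uri/ permanent;
    #rewrite ^(.*)(index|home|default)\.html? $1 permanent;

    # PHP requests are always passed to the backend and never cached.
    location ~ \.php$ {
        try_files $uri @wordpress;

        proxy_no_cache     1;
        proxy_cache_bypass 1;
        proxy_redirect     off;
        proxy_pass         http://backend;
    }

    # Serve static files directly when they exist; everything else goes to WordPress.
    location / {
        try_files $uri @wordpress;
    }

    location @wordpress {

        proxy_no_cache     $do_not_cache;
        proxy_cache_bypass $do_not_cache;

        proxy_redirect     off;
        proxy_cache        czone;
        # The scheme is part of the key, so HTTP and HTTPS responses are cached separately.
        proxy_cache_key    "$proxy_proto://$host$request_uri$mobile";
        proxy_cache_valid  200 0m;
        proxy_pass         http://backend;
    }

    # When you use phpMyAdmin, uncomment the line "include /etc/nginx/phpmyadmin;"
    # and delete or comment out the below line "location ~* /(phpmyadmin|myadmin|pma) { }".
    # If you do enable it, restrict who can reach it (for example with
    # allow/deny rules for your own source addresses); by default the
    # location below answers 404 for these paths.
    #include     /etc/nginx/phpmyadmin;
    location ~* /(phpmyadmin|myadmin|pma) {
        access_log off;
        log_not_found off;
        return 404;
    }

    # redirect server error pages to the static page /50x.html
    error_page  502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}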

Using the configuration above as a template, create the file /etc/nginx/conf.d/ssl.default.conf.

When doing so, replace {Your-EC2-Instance-ID_or_YourDomain} with your EC2 instance ID.
(If you do not know it, you can copy the corresponding line from /etc/nginx/conf.d/default.conf.)

Also, on lines 9 and 10 (ssl_certificate and ssl_certificate_key), specify the paths to the server certificate and the private key you would like to use.


Step 2. Changing Security Group

Edit the security group to allow HTTPS connections to the server.

  1. Open the AWS Management Console;
  2. On the EC2 dashboard, choose the [Security Group] attached to your instance;
  3. Choose [Edit inbound rules] from [Actions];
  4. Add HTTPS (port 443) and click [Save].