Nginx with SSL and SPDY

HTTPS correctly activated for kadder.de (Google Chrome)

As some of you may have noticed, my blog kadder.de now runs over an encrypted connection (you can recognize it by the HTTPS symbol in the browser bar). The main reason for this change, which unfortunately costs some time to first byte, was the possibility of offering connections via SPDY to browsers that support it (e.g. Chrome). I was also interested in how converting the whole domain affects SEO, but that will only become apparent in the near future.

 

nginx configuration for SSL and SPDY

Here is just the short version: it is assumed that Nginx, PHP, MySQL and WordPress are already running. Details about my setup, on which these lines build, can be found in my previous blog posts: Speed Index < 1000 with Nginx, ngx_pagespeed, PHP, W3TC and nginx + PHP under Debian (+ W3TC) and Nginx: Activate Gzip. Since SPDY support is not included in the Debian packages of nginx, I use nginx from dotdeb.org.

The preparations also include obtaining an SSL certificate. I have chosen RapidSSL, but other providers work the same way. A self-signed certificate would also work, but has the disadvantage that it produces error messages. Once you have the SSL certificate and the SSL key, you only have to add them to the respective nginx configuration:

server {
    listen 443 spdy ssl;
    ssl on;
    ssl_certificate /etc/nginx/ssl/SSL.crt;
    ssl_certificate_key /etc/nginx/ssl/ssl.key;
    server_name www.domain.de;
    add_header Alternate-Protocol 443:npn-spdy/2;
    root /var/www/domain.com;
    index index.php index.html index.htm;
    try_files $uri $uri/ /index.php;
    # log files, uncomment and set proper values
    access_log /var/log/nginx/domain.access.log;
    error_log /var/log/nginx/domain.error.log;
}

A short explanation of the individual lines, where they differ from the default values: line 2 activates the SSL and SPDY modules on port 443, the default port for HTTPS connections. Lines 4 and 5 specify the certificate files. Line 7 is also important: it tells the browser that SPDY is available as an alternative protocol.

Result

If everything is set up correctly, you can see this by the green lock (in Chrome), which indicates that all content is delivered over HTTPS. If you use external services like Google Fonts, you have to switch them to HTTPS as well, along with all image URLs; the latter is easiest to do using the MySQL database.

Advantage: you can now use SPDY (the current Firefox and Chrome both support it; Internet Explorer 11 is only able to do this under Windows 8) and also have a secure connection to your readers.

Update 15.12.2013
My other pages ilovegaming.com and routerzwang.de are now also accessible with SPDY and HTTPS. Even if no critical content is published there, it certainly doesn't hurt to use encryption a bit more. It also helps the loading time with modern browsers.
