How do I configure an ssl certificate with Nginx on Ubuntu 18.04?

Solution 1:

Redirect http->https

This is a simple pattern for redirecting everything to https:

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}

It does not fit to all use-cases, but for most it is the simplest way without strange directives.

Order

Order does in some cases make a difference in config-files. Nginx is working top-down, so to prevent strange behaviour I'd suggest to always write your config as a story. E.g. return immediately stops execution, so stuff behind that is not processed. I would suggest the order:

1. connection settings (listen, server_name)
2. general config (ssl, headers, log, etc)
3. logic (if, map, ..)
4. locations

Headers for reverse proxy

I would suggest to always add headers (can be put in server-block to work for all locations):

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Referer $http_referer;
proxy_set_header X-Forwarded-Proto $scheme;

SSL Protocol

Disable old TLS protocols

ssl_protocols       TLSv1.2 TLSv1.3;

Further inspection

If not working then:

• What is included in /etc/letsencrypt/options-ssl-nginx.conf
• What are the logs of Flask and Nginx telling?
• Are both running on host machine (no containers)?