nginx optimization doc

Web-Servers/Nginx/07-SSL.md

@@ -0,0 +1,56 @@
+# 🔐 Nginx SSL Configuration Guide
+
+## 📄 Example Server Block (HTTPS)
+
+```nginx
+listen 443 ssl;
+server_name example.com www.example.com;
+
+# 🔒 SSL Certificate (Generated by Certbot)
+ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; 
+ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; 
+
+# 📂 Website Root
+root /var/www/example.com/html;
+index index.html;
+
+# 🚦 Request Handling
+location / {
+    try_files $uri $uri/ =404;
+}
+```
+
+---
+
+## 🗂️ What Each Part Does
+
+| Directive                    | Meaning                                                |
+| ---------------------------- | ------------------------------------------------------ |
+| `listen 443 ssl;`            | Listens on port **443** for secure HTTPS traffic.      |
+| `server_name`                | Specifies the domain(s) for this site.                 |
+| `ssl_certificate`            | The **full certificate chain** file from Certbot.      |
+| `ssl_certificate_key`        | The **private key** file from Certbot.                 |
+| `root`                       | Directory containing your website’s files.             |
+| `index`                      | Default file served for a directory request.           |
+| `try_files $uri $uri/ =404;` | Checks if a file/directory exists, else returns a 404. |
+
+---
+
+## ⚠️ SSL Notes
+
+* Certbot certificates are stored here:
+
+  ```
+  /etc/letsencrypt/live/<your-domain>/
+  ```
+* Certificates **expire every 90 days** — set up auto-renew:
+
+  ```bash
+  certbot renew --quiet
+  ```
+* After renewal, always reload Nginx to apply changes:
+
+  ```bash
+  systemctl reload nginx
+  ```
+