Чтобы заработал HTTPS (порт 443), нужно:
- Получить SSL-сертификат (бесплатно — через Let’s Encrypt)
- Добавить или обновить Nginx-конфиг, чтобы он слушал порт 443 с SSL
- (Опционально, рекомендуется) — перенаправлять весь HTTP-трафик на HTTPS
Шаг 1: Установка Certbot
sudo apt update
sudo apt install certbot python3-certbot-nginx
Шаг 2: Запуск автоматической настройки HTTPS
$ sudo certbot --nginx -d happyblitz.ru -d www.happyblitz.ru
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address or hit Enter to skip.
(Enter 'c' to cancel):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at:
https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf
You must agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Account registered.
Requesting a certificate for happyblitz.ru and www.happyblitz.ru
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/happyblitz.ru/fullchain.pem
Key is saved at: /etc/letsencrypt/live/happyblitz.ru/privkey.pem
This certificate expires on 2026-04-18.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for happyblitz.ru to /etc/nginx/sites-enabled/default
Successfully deployed certificate for www.happyblitz.ru to /etc/nginx/sites-enabled/default
Congratulations! You have successfully enabled HTTPS on https://happyblitz.ru and https://www.happyblitz.ru
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Шаг 3: Настройка виртуального хоста
Файл /etc/nginx/sites-available/happyblitz
server {
root /var/www/happyblitz/web;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm;
server_name www.happyblitz.ru happyblitz.ru; # managed by Certbot
# Защита системных файлов
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location ~ ^/(composer\.(json|lock)|package\.json|.*\.md|.*\.yml|LICENSE\.txt|README\.md)$ {
deny all;
access_log off;
log_not_found off;
}
location ~ ^/(vendor|config|recipes|autoload\.php|update\.php|INSTALL\.txt)$ {
deny all;
access_log off;
log_not_found off;
}
# PHP
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php-fpm.sock;
fastcgi_intercept_errors on;
}
# Clean URLs для Drupal
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# Статика
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|webp|pdf)$ {
expires 1y;
add_header Cache-Control "public, immutable";
try_files $uri $uri/ /index.php?$query_string;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/happyblitz.ru/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/happyblitz.ru/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
listen 80;
listen [::]:80;
server_name happyblitz.ru www.happyblitz.ru;
return 301 https://$host$request_uri;
}Шаг 5: Отключение default, подключение нашего сайта
- Отключение default. Удаляем symlink на default
sudo rm /etc/nginx/sites-enabled/default - Включение сайта ( happyblitz )
sudo ln -s /etc/nginx/sites-available/happyblitz /etc/nginx/sites-enabled/ -
Проверка
$ sudo nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful - Обновление конфигурации nginx
sudo systemctl reload nginx