uwsgi_ssl_certificate
The `uwsgi_ssl_certificate` directive specifies the SSL certificate for uWSGI connections in NGINX.
Description
The uwsgi_ssl_certificate directive in NGINX is used to define the SSL certificate that the server will use when connecting to a uWSGI application backend using an SSL encrypted channel. This directive allows secure communication between NGINX and uWSGI, ensuring that data remains protected during transmission. The directive takes a single argument which is the path to the SSL certificate file in PEM format.
Inside the http, server, or location contexts, the uwsgi_ssl_certificate directive expects a valid file path to the certificate. If this configuration is specified, NGINX will utilize this certificate when initiating an SSL handshake with the uWSGI process. It’s essential to ensure that the provided certificate is correctly formatted and accessible by the NGINX worker processes; otherwise, SSL connections to the uWSGI backend may fail, leading to errors such as SSL handshake failures.
Care should be taken to pair the uwsgi_ssl_certificate directive with the appropriate uwsgi_ssl_certificate_key directive, which specifies the private key corresponding to the certificate. Together, these settings ensure secure connections from NGINX to uWSGI, promoting a secure architecture for web applications that leverage this communication pathway.
Config Example
server {
listen 443 ssl;
server_name example.com;
uwsgi_ssl_certificate /etc/ssl/certs/my_cert.pem;
uwsgi_ssl_certificate_key /etc/ssl/private/my_key.pem;
location / {
include uwsgi_params;
uwsgi_pass unix:/var/run/uwsgi.sock;
}
}Ensure the certificate file path is correct and the file is readable by NGINX.
Do not forget to set the corresponding uwsgi_ssl_certificate_key directive, or SSL connections may fail.
Using an incorrect certificate format or an expired certificate can lead to SSL handshake errors.