Web Server & Proxy TLS/SSL Guides

Production-ready TLS/SSL configurations for every major web server and reverse proxy. Covers cipher suites, protocol versions, HSTS, OCSP stapling, and certificate setup.

Apache

The most widely deployed HTTP server.

Caddy

Modern web server with automatic HTTPS.

HAProxy

Reliable high-performance TCP/HTTP load balancer.

IIS

Microsoft web server for Windows Server.

Lighttpd

Lightweight and fast web server.

Nginx

High-performance web server and reverse proxy.

Squid

Caching proxy with HTTPS support.

Tomcat

Java servlet container and web server.

Traefik

Cloud-native reverse proxy and load balancer.

About These Guides

Web servers and reverse proxies are the primary TLS termination point for most infrastructure. Misconfigured TLS at this layer can expose your entire application stack. These guides cover the settings most commonly misconfigured in production: allowing deprecated protocol versions, weak cipher suites, missing HSTS headers, and improper certificate chain ordering.

Each guide includes a complete, copy-paste configuration block, an explanation of every directive, and testing instructions using Qualys SSL Labs.

Configured TLS? Now Monitor It.

Generator Labs alerts you before certificates expire, get revoked, or fail chain validation — across HTTPS, SMTPS, IMAPS, LDAPS, and more.

Start Monitoring →