Security has always been an important consideration for Web developers. However, in the last few years, many sites have been pushing (or been pushed) to use only HTTPS (a secure version of HTTP) for their site. PCI regulations effectively require that a site only use HTTPS, and large sites such as Google and Facebook encourage (and sometimes demand) that a site refuse unencrypted HTTP requests. This means that many sites which could previously ignore the calls for HTTPS now need to use and install it. In this talk, Nick Sullivan introduces the ideas behind HTTPS, and walks new developers/administrators through the process of making an nginx-backed site HTTPS-compliant.