
Nginx Reverse Proxy with SSL


Nginx is a powerful tool. It allows you to serve multiple apps, websites, load-balanced applications and much more. This flexibility is all powered by a relatively simple configuration system that uses nearly-human-readable configuration files. This guide will demonstrate how to set up an Nginx reverse proxy with SSL on a Hostwinds Cloud VPS.

Prerequisites

This guide will assume a general understanding of using a Linux-based system via command line, and will further assume the following prerequisites:

  • Ubuntu 18.04
  • Non-root user
  • App Running on Desired Reverse-Proxy Port (This guide will assume port 3000)
  • DNS A Name Record for Domain Desired
  • SSL Certificate for the Domain

Nginx Configuration

The Nginx-full package defaults to a dynamic Shared Virtual Host environment. The configuration files for each Virtual Host are available for use here:

/etc/nginx/sites-available/

This location will have a file called default available to use as a base template. However, in this guide, we will manually create a new configuration file and populate it as needed. Once logged in as your non-root user, issue this command to start the process:

sudo touch /etc/nginx/sites-available/domain.tld

Be sure to replace domain.tld with the domain you are actually using.

Next, we edit that file so that it performs the tasks we need. We will be using vim in this guide as the text editor. You may use nano or any other text editor based on your personal preference.

sudo vim /etc/nginx/sites-available/domain.tld

Now that the file exists, add the following text to this file. Modify the text where indicated to reference your domain, the port your app is using, and your SSL certificate paths. This file will be the main configuration for the reverse proxy:

###
# This section listens on port 80 for your domain and rewrites the request
# to HTTPS for us
###

server {
    listen 80;
    server_name domain.tld www.domain.tld; # Edit this to your domain name
    rewrite ^ https://$host$request_uri permanent;
}

###
# These are the configuration declarations that make SSL function.
###

server {
    listen 443 ssl;

    server_name domain.tld;
    # Edit this to your domain name

    ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;
    # If you use Let's Encrypt, you should just need to change the domain.

    ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem;
    # If you use Let's Encrypt, you should just need to change the domain.

    ssl_session_cache builtin:1000 shared:SSL:10m;
    # Caches TLS session parameters so returning clients can resume a session

    ssl_protocols TLSv1.2;
    # Protocol versions to accept. TLSv1 and TLSv1.1 are deprecated (RFC 8996);
    # add TLSv1.3 if your Nginx and OpenSSL build support it.

    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    # Defining ciphers to use.

    ssl_prefer_server_ciphers on;
    # Prefer the server's cipher order over the client's

    access_log /var/log/nginx/access.log;
    # Log location. Can be anywhere. Make sure the nginx user defined in /etc/nginx/nginx.conf has r/w permissions

    ###
    # This is the juicy part of the config file, handing off relevant data to
    # our back-end app running on port 3000
    # Nothing should need to be changed here, unless port 3000 is not the port
    # you're using.
    # Furthermore, if you're using a socket to serve your app (PHP comes to
    # mind), you can define a unix:.sock location here as well
    ###

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:3000;
        proxy_read_timeout 90;
    }
}

Save the file and exit the text editor.

Test the Nginx Configuration

Now that the configuration is created, we have to tell Nginx to check for the file on load. Nginx reads virtual host files from /etc/nginx/sites-enabled/, so we will make a symbolic link there:

sudo ln -s /etc/nginx/sites-available/domain.tld /etc/nginx/sites-enabled/domain.tld.conf

Next, we test the configuration before restarting the Nginx system service:

sudo nginx -t

It should run the test and output the following messages on success:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

We now know that the configuration file will not cause a crash, so let’s restart the Nginx service and test the app.

sudo systemctl restart nginx

You should now have access to the app that is running on the defined port by browsing to domain.tld as depicted in the Nginx configuration file created earlier.
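
nginx -t validates syntax, not how safe the settings are. The following script is an added example, not part of the original guide: it checks an enabled vhost for a dangling symlink, deprecated protocol versions, a missing HTTPS redirect and missing forwarding headers. The check_vhost function and the sample vhost it runs against are constructed for illustration.

```shell
#!/bin/sh
# check_vhost LINK: print one line per finding, return the number of findings.
check_vhost() {
    link=$1; findings=0
    # A mistyped "ln -s" target leaves a dangling link in sites-enabled.
    if [ ! -f "$link" ]; then
        echo "FAIL: $link does not resolve to a regular file"; return 1
    fi
    conf=$(sed 's/#.*//' "$link")   # strip comments before matching
    # TLS 1.0/1.1 are deprecated by RFC 8996; SSLv2/SSLv3 are older still.
    for p in $(printf '%s\n' "$conf" | grep -E '^[[:space:]]*ssl_protocols[[:space:]]'); do
        case ${p%;} in
            SSLv2|SSLv3|TLSv1|TLSv1.1)
                echo "FAIL: deprecated protocol enabled: ${p%;}"
                findings=$((findings + 1)) ;;
        esac
    done
    # The port 80 block should send clients to HTTPS.
    if ! printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*(rewrite|return)[[:space:]].*https://'; then
        echo "FAIL: no HTTP to HTTPS redirect found"; findings=$((findings + 1))
    fi
    # The backend learns the original scheme and client address from these.
    for h in X-Forwarded-Proto X-Forwarded-For; do
        if ! printf '%s\n' "$conf" | grep -Eq "^[[:space:]]*proxy_set_header[[:space:]]+$h[[:space:]]"; then
            echo "WARN: proxy_set_header $h is not set"; findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample vhost (not the guide's file): old protocols, one header missing.
demo=$(mktemp -d)
mkdir "$demo/sites-available" "$demo/sites-enabled"
cat > "$demo/sites-available/domain.tld" <<'EOF'
server {
    listen 80;
    rewrite ^ https://$host$request_uri permanent;
}
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:3000;
    }
}
EOF
ln -s "$demo/sites-available/domain.tld" "$demo/sites-enabled/domain.tld.conf"
check_vhost "$demo/sites-enabled/domain.tld.conf" || echo "findings: $?"
```

On a real server, pass the path of the link in /etc/nginx/sites-enabled/ instead of the sample; a return value of 0 means none of the four checks fired.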
