server {\r\nlisten 443 ssl;\r\n\r\nserver_name YOUR-DOMAIN; \r\n# Edit the above _YOUR-DOMAIN_ to your domain name\r\n\r\nssl_certificate \/etc\/letsencrypt\/live\/YOUR-DOMAIN\/fullchain.pem; \r\n# If you use Lets Encrypt, you should just need to change the domain. \r\n# Otherwise, change this to the path to full path to your domains public certificate file.\r\n\r\nssl_certificate_key \/etc\/letsencrypt\/live\/YOUR-DOMAIN\/privkey.pem; \r\n# If you use Let's Encrypt, you should just need to change the domain.\r\n# Otherwise, change this to the direct path to your domains private key certificate file.\r\n\r\nssl_session_cache builtin:1000 shared:SSL:10m; \r\n# Defining option to share SSL Connection with Passed Proxy\r\n\r\nssl_protocols TLSv1 TLSv1.1 TLSv1.2; \r\n# Defining used protocol versions. \r\n\r\nssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; \r\n# Defining ciphers to use. \r\n\r\nssl_prefer_server_ciphers on; \r\n# Enabling ciphers\r\n\r\naccess_log \/var\/log\/nginx\/access.log; \r\n# Log Location. the Nginx User must have R\/W permissions. Usually by ownership.\r\n<\/code><\/pre>\nThis is the juicy part of the config file, handing off relevant data to our back-end app running on port 3000<\/p>\n
Nothing should need to be changed here unless port 3000 is not the port you're using.<\/p>\n
Furthermore, if you're using a socket to serve your app (PHP comes to mind), you can define a UNIX:.sock location here as well<\/p>\n
location \/ {\r\nproxy_set_header Host $host;\r\nproxy_set_header X-Real-IP $remote_addr;\r\nproxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\r\nproxy_set_header X-Forwarded-Proto $scheme;\r\nproxy_pass http:\/\/localhost:3000;\r\n#proxy_pass unix:\/path\/to\/php7.3.sock # This is an example of how to define a unix socket.\r\nproxy_read_timeout 90;\r\n}\r\n\r\n} # Don't leave this out! It \"closes\" the server block we started this file with. \r\n<\/code><\/pre>\nSave and exit the YOUR-DOMAIN<\/em> file. If you're using vim, hit Esc<\/strong> to exit INSERT mode, then type :wq<\/code> and hit enter to save and exit the file.<\/p>\nTo make the file active, we will need to link the file in the sites-available<\/em> folder to a location within the sites-enabled<\/em> folder. Again, change YOUR-DOMAIN<\/em> here with the actual name of the file you created earlier.<\/p>\nln -s \/etc\/nginx\/sites-avaialable\/YOUR-DOMAIN \/etc\/nginx\/sites-enabled\/YOUR-DOMAIN.conf\r\n<\/code><\/pre>\nLet's now test the configuration file.<\/p>\n
sudo nginx -t\r\n<\/code><\/pre>\nIf the test is successful, you'll see this output:<\/p>\n
nginx: the configuration file \/etc\/nginx\/nginx.conf syntax is ok\r\nnginx: configuration file \/etc\/nginx\/nginx.conf test is successful\r\n<\/code><\/pre>\nNow that we know it's going to work as expected, issue the command to restart the Nginx service<\/p>\n
sudo systemctl restart nginx\r\n\r\n# OR #\r\n\r\nsudo service nginx restart\r\n<\/code><\/pre>\nBoth commands perform the same task, simply preference decides your method here. I can safely say I use both and in no specific priority.<\/p>\n
You should now be able to launch your app (if it wasn't running already) and visit YOUR-DOMAIN<\/strong> in a browser, assuming the DNS is correct.<\/p>\nCongratulations-- you've now set up a reverse proxy using Nginx. And your app will now be showing to the world with HTTPS enabled!<\/p>\n","protected":false},"excerpt":{"rendered":"
Are you looking for a simple tutorial for how to use Nginx as a reverse proxy with SSL? This guide will walk you through exactly that! Nginx is a powerful tool. It allows you to serve multiple apps, websites, load-balance applications and much more. All that flexibility is powered by a relatively simple configuration system …<\/p>\n","protected":false},"author":20,"featured_media":8835,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[18,30],"tags":[202,211,212],"class_list":["post-4094","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-devops","category-tutorials","tag-ca-ssl","tag-nginx","tag-proxy"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/posts\/4094","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/comments?post=4094"}],"version-history":[{"count":8,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/posts\/4094\/revisions"}],"predecessor-version":[{"id":13018,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/posts\/4094\/revisions\/13018"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/media\/8835"}],"wp:attachment":[{"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/media?parent=4094"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/categories?post=4094"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/tags?post=4094"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"](\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2019\/08\/nginx_1-1024x712.png\")
<\/p>\n