First, ensure that Nginx is installed on your droplet. If it is not installed, install it using:
sudo apt update
sudo apt install nginx
Before configuring Nginx, the firewall needs to be adjusted to allow access to the service. Nginx registers itself as a service with ufw upon installation, making it straightforward to allow Nginx access.
You can list the application profiles that ufw knows about by typing:
sudo ufw app list
Then enable Nginx by typing:
sudo ufw allow 'Nginx Full'
Now, you can verify the change by typing:
sudo ufw status
To avoid a possible hash bucket memory problem that can arise from adding additional server names, it is necessary to adjust a single value in the /etc/nginx/nginx.conf file. Open the file using:
sudo nano /etc/nginx/nginx.conf
Find the server_names_hash_bucket_size directive and remove the # symbol to uncomment the line.
You will also need an SSL/TLS certificate. You can obtain one from Let’s Encrypt with Certbot using:
sudo apt update
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d example.com -d www.example.com
To automatically renew SSL/TLS certificates obtained with Let’s Encrypt using Certbot, you can set up a cron job.
sudo crontab -e
Then add this line at the bottom:
0 0,12 * * * certbot renew --quiet
Once all of the steps above have completed successfully, create an Nginx configuration file for each service. Each configuration file will handle requests for a specific domain or subdomain and proxy them to the appropriate Docker container.
Assuming you have a Next.js project running on port 3000 and you want to serve it on example.com, you can create a configuration file like this:
sudo nano /etc/nginx/sites-available/example.com
Add the following blocks to this file:
# Redirect all plain HTTP requests to HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}
# Terminate TLS and proxy to the application
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com www.example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    # The TLS 1.2 suites below are ECDHE-RSA only, so they assume an RSA certificate key
    ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-CCM:ECDHE-RSA-AES256-CCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384';
    ssl_prefer_server_ciphers on;
    location / {
        # Next.js app listening on port 3000
        proxy_pass http://localhost:3000;
        # Pass the original client address, scheme and host to the upstream
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
    }
}
If you have multiple services, you can create additional configuration files, for example:
/etc/nginx/sites-available/service1.example.com
/etc/nginx/sites-available/service2.example.com
Each file will have a similar structure; just make sure to replace the server_name and proxy_pass values with the appropriate ones for that service.
You must also link your configuration files into /etc/nginx/sites-enabled/ to enable them:
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
sudo ln -s /etc/nginx/sites-available/service1.example.com /etc/nginx/sites-enabled/
sudo ln -s /etc/nginx/sites-available/service2.example.com /etc/nginx/sites-enabled/
Note: Always test your Nginx configuration before restarting:
sudo nginx -t
If the test is successful, restart Nginx to apply the changes:
sudo systemctl restart nginx
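Because every per-service file differs only in server_name and proxy_pass, the files can be generated from one template. The function below is an added example, not part of the original post: render_vhost, the service1.example.com domain and port 4000 are hypothetical, and it assumes a certificate for each service domain already exists under /etc/letsencrypt/live/. Cipher directives are left at the Nginx defaults.

```shell
# render_vhost DOMAIN PORT: print the two server blocks for one proxied service.
# (render_vhost and the sample values below are hypothetical, not from the page.)
render_vhost() {
    local domain="$1" port="$2"
    # Allow only plain lowercase hostnames so a crafted value cannot
    # smuggle extra directives (";", "{", newlines) into the config.
    case "$domain" in
        *[!a-z0-9.-]*|.*|*.|*..*|-*|*-) echo "invalid domain" >&2; return 1 ;;
        *.*) ;;
        *) echo "invalid domain" >&2; return 1 ;;
    esac
    # Port must be a decimal integer in 1..65535 with no leading zero.
    case "$port" in
        ''|0*|*[!0-9]*|??????*) echo "invalid port" >&2; return 1 ;;
    esac
    [ "$port" -le 65535 ] || { echo "invalid port" >&2; return 1; }
    cat <<EOF
server {
    listen 80;
    listen [::]:80;
    server_name $domain;
    return 301 https://\$host\$request_uri;
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name $domain;
    ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    location / {
        proxy_pass http://localhost:$port;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
        proxy_set_header X-Forwarded-Host \$host;
    }
}
EOF
}

# Constructed usage (run as root); restart only if the config test passes:
#   render_vhost service1.example.com 4000 > /etc/nginx/sites-available/service1.example.com
#   ln -s /etc/nginx/sites-available/service1.example.com /etc/nginx/sites-enabled/
#   nginx -t && systemctl restart nginx
```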