Securing your web application with HTTPS is crucial for protecting data integrity and privacy. This guide will walk you through the steps to set up Nginx as a reverse proxy and use Certbot to obtain a free SSL certificate from Let's Encrypt.
Prerequisites
Before you begin, ensure you have the following:
- A domain name pointing to your server's IP address.
- A server running Ubuntu (or any other Linux distribution).
- Nginx installed on your server.
Step 1: Configure Nginx
First, we need to set up Nginx to proxy requests to our web application. Open your Nginx configuration file or create a new one for your domain:
sudo nano /etc/nginx/sites-available/my.website.com
Add the following configuration:
server {
    listen 80;
    listen [::]:80;
    server_name my.website.com www.my.website.com;
    location / {
        proxy_pass http://localhost:5173;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
This configuration listens for HTTP requests on port 80 and proxies them to your web application running on localhost:5173.
Step 2: Enable the Nginx Configuration
Create a symbolic link to enable the configuration:
sudo ln -s /etc/nginx/sites-available/my.website.com /etc/nginx/sites-enabled/
Test the Nginx configuration for syntax errors:
sudo nginx -t
If the test is successful, reload Nginx to apply the changes:
sudo systemctl reload nginx
Step 3: Install Certbot
Certbot is a tool that automates the process of obtaining and renewing SSL certificates from Let's Encrypt. Install Certbot and the Nginx plugin:
sudo apt update
sudo apt install certbot python3-certbot-nginx
Step 4: Obtain an SSL Certificate
Run Certbot to obtain an SSL certificate and configure Nginx to use it:
sudo certbot --nginx
Follow the interactive prompts. Certbot will:
- Detect your Nginx configuration.
- Allow you to select the domain you want to secure.
- Automatically obtain and install the SSL certificate.
- Modify your Nginx configuration to redirect HTTP traffic to HTTPS.
Certbot will update your Nginx configuration to something like this:
server {
    listen 80;
    listen [::]:80;
    server_name my.website.com www.my.website.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name my.website.com www.my.website.com;
    ssl_certificate /etc/letsencrypt/live/my.website.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/my.website.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    location / {
        proxy_pass http://localhost:5173;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
Step 5: Verify HTTPS
After Certbot completes, verify that your site is accessible via HTTPS by navigating to your website URL (e.g. https://my.website.com) in your browser.
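To complement the browser check, the following added example (not part of the original guide) statically audits an Nginx configuration for the outcomes Step 4 describes: no plaintext listener still proxying to the application, an HTTP to HTTPS redirect, and a TLS block with both certificate directives. The function names and the trimmed sample configurations are constructed for illustration, and the parser assumes braces appear only as block delimiters.

```python
import re

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, matching nested braces."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf):
    """Return a list of findings; an empty list means the HTTPS setup looks complete."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments before matching directives
    findings, tls_blocks = [], 0
    for body in server_blocks(conf):
        listens = [l.split() for l in re.findall(r"\blisten\s+([^;]+);", body)]
        plain = not listens or any("ssl" not in l for l in listens)  # no listen = port 80
        if any("ssl" in l for l in listens):
            tls_blocks += 1
            for d in ("ssl_certificate", "ssl_certificate_key"):
                if not re.search(rf"\b{d}\s+\S+;", body):
                    findings.append(f"TLS block has no {d}")
        if plain and re.search(r"\bproxy_pass\b", body):
            findings.append("plaintext listener still proxies to the application")
        if plain and not re.search(r"\breturn\s+30[18]\s+https://", body):
            findings.append("plaintext listener does not redirect to https")
    if not tls_blocks:
        findings.append("no server block listens with ssl")
    return findings

# Constructed samples: trimmed copies of the Step 1 and Step 4 configurations.
BEFORE = """server {
    listen 80;
    location / { proxy_pass http://localhost:5173; }
}"""
AFTER = """server {
    listen 80;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/my.website.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/my.website.com/privkey.pem;
    location / { proxy_pass http://localhost:5173; }
}"""

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(conf) or "ok")
```

To audit a real file, pass its contents to `audit`, for example the text of /etc/nginx/sites-available/my.website.com.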
Conclusion
You have successfully set up Nginx as a reverse proxy for your web application and secured it with an SSL certificate from Let's Encrypt using Certbot. This setup not only secures your web application but also improves its trustworthiness and SEO ranking.
For further reading and additional configurations, you may refer to the following resources: