Here’s an in-depth instruction on installing Nginx and then setting it up as a reverse proxy. The following instructions assume you’re using a Linux-based server like Ubuntu.

Step 1: Install Nginx

Update your package lists to ensure you have the latest versions of your server’s software:

sudo apt update

Once the update is finished, install Nginx:

sudo apt install nginx

After the installation is complete, the Nginx service should start automatically. You can check the status of the service with the following command:

sudo systemctl status nginx

If the service is running, you should see an output that says Active: active (running). If the service isn’t running, you can start it with this command:

sudo systemctl start nginx

To ensure Nginx starts automatically at boot, you can type:

sudo systemctl enable nginx

Step 2: Set Up Nginx as a Reverse Proxy

Open the Nginx configuration file. This file is typically located at /etc/nginx/sites-available/default. Use a text editor like nano or vi to open it:

sudo nano /etc/nginx/sites-available/default

Add the following lines to set up the reverse proxy in the server block of the file. Be sure to replace and localhost:3000 with your existing domain and the IP address:port of the service you’re proxying to:

server {
    listen 80;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;

Save and exit the text editor. If you’re using nano, you can do this by pressing Ctrl+X, Y, then Enter.

Test the configuration to ensure there are no syntax errors:

sudo nginx -t

If the configuration file is free of syntax errors, you should see a message like this: nginx: configuration file /etc/nginx/nginx.conf test is successful.

Restart Nginx to apply the changes:

sudo systemctl restart nginx

Finally, recheck the status of Nginx to make sure everything is running smoothly:

sudo systemctl status nginx

If everything has been set up correctly, you should now run Nginx as a reverse proxy on your server.

If Nginx is correctly installed and running, you can check it by accessing your server via a web browser. Enter your server’s IP address or domain name in your web browser. If Nginx is running, you’ll see a welcome page that says, “Welcome to Nginx!

Step 3: Configure Firewall

If a firewall is enabled, you may need to configure it to allow connections through Nginx. If you’re using UFW, you can do this with the following commands:

sudo ufw allow 'Nginx Full'

Check the status of the firewall to ensure the new rules have been applied:

sudo ufw status

You should see Nginx Full in the list of allowed services.

How to secure your nginx installation with Let’s Encrypt?

Securing Nginx with Let’s Encrypt on Ubuntu involves obtaining an SSL certificate and configuring Nginx to use this certificate for secure connections. Let’s Encrypt provides free SSL certificates through an automated process designed to eliminate the complex process of manual creation, validation, signing, installation, and renewal of certificates for secure websites. The Certbot is a client that makes this easy.

This guide assumes that you’ve installed Nginx, that it’s serving your site correctly, and that you’ve set up DNS for your domain to point to this server.

Step 1: Install Certbot

Certbot is the software that will communicate between your server and Let’s Encrypt to get, renew, and install your SSL certificate.

Update your package lists to ensure you have the latest versions of your server’s software:

sudo apt update

Install Certbot and the Nginx plugin by typing:

sudo apt install certbot python3-certbot-nginx

Step 2: Obtain a Certificate

Run Certbot along with the Nginx plugin:

sudo certbot --nginx

Follow the prompts to enter your email and agree to the terms of service. Afterward, the Certbot will communicate with the Let’s Encrypt CA, then run a challenge to verify that you control the domain you’re requesting a certificate for.

If that’s successful, Certbot will ask how you’d like to configure your HTTPS settings.

Step 3: Verify Certbot Auto-Renewal

Let’s Encrypt’s certificates are only valid for ninety days. This is to encourage users to automate their certificate renewal process. The Certbot package we installed takes care of this for us by adding a renewal script to /etc/cron.d. This script runs twice a day. It will automatically renew any certificate that’s within thirty days of expiration.

To test the renewal process, you can use this command:

sudo certbot renew --dry-run

Step 4: Adjust your Nginx Configuration to Use SSL

Certbot should automatically set up your configuration to use SSL. You can verify this by checking your configuration file.

sudo nano /etc/nginx/sites-available/

You should see the SSL configuration and certificate files added by Certbot.

Step 5: Restart Nginx

After you’ve made the changes, restart Nginx to ensure the new configuration takes effect.

sudo systemctl restart nginx

Your web server now uses a free Let’s Encrypt SSL certificate to serve HTTPS content securely. If you ever need to adjust your SSL settings, you can find the SSL configuration in your Nginx configuration file where Certbot placed it.