Here’s an in-depth guide to installing Nginx and then setting it up as a reverse proxy. The following instructions assume you’re using a Linux-based server like Ubuntu.
Step 1: Install Nginx
Update your package lists to ensure you have the latest versions of your server’s software:
sudo apt update
Once the update is finished, install Nginx:
sudo apt install nginx
After the installation is complete, the Nginx service should start automatically. You can check the status of the service with the following command:
sudo systemctl status nginx
If the service is running, you should see an output that says Active: active (running). If the service isn’t running, you can start it with this command:
sudo systemctl start nginx
To ensure Nginx starts automatically at boot, you can type:
sudo systemctl enable nginx
Step 2: Set Up Nginx as a Reverse Proxy
Open the Nginx configuration file. This file is typically located at /etc/nginx/sites-available/default. Use a text editor like nano or vi to open it:
sudo nano /etc/nginx/sites-available/default
Add the following lines to set up the reverse proxy in the server block of the file. Be sure to replace yourdomain.com with your existing domain and localhost:3000 with the IP address:port of the service you’re proxying to:
server {
    listen 80;
    server_name yourdomain.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
Save and exit the text editor. If you’re using nano, you can do this by pressing Ctrl+X, Y, then Enter.
Test the configuration to ensure there are no syntax errors:
sudo nginx -t
If the configuration file is free of syntax errors, you should see a message like this: nginx: configuration file /etc/nginx/nginx.conf test is successful.
Restart Nginx to apply the changes:
sudo systemctl restart nginx
Finally, recheck the status of Nginx to make sure everything is running smoothly:
sudo systemctl status nginx
If everything has been set up correctly, Nginx should now be running as a reverse proxy on your server.
To check that Nginx is correctly installed and running, enter your server’s IP address or domain name in your web browser. If Nginx is running, you’ll see a welcome page that says, “Welcome to nginx!”
Step 3: Configure Firewall
If a firewall is enabled, you may need to configure it to allow connections through Nginx. If you’re using UFW, you can do this with the following command:
sudo ufw allow 'Nginx Full'
Check the status of the firewall to ensure the new rules have been applied:
sudo ufw status
You should see Nginx Full in the list of allowed services.
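The proxy in Step 2 forwards to localhost:3000, so the proxied service only needs to listen on the loopback interface. The following is an added example, not part of the original guide, that flags listeners on the upstream port bound to any other address; the function names are hypothetical and the `ss -ltn` sample is constructed.

```bash
# Added example: list listeners on an upstream port that are not loopback-only.
# Input: `ss -ltn` output on stdin. Output: one offending local address per line.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                        # "Local Address:Port" column
            n = match(addr, /:[0-9]+$/)      # last colon, so [::1]:3000 splits correctly
            if (n == 0) next
            host = substr(addr, 1, n - 1)
            if (substr(addr, n + 1) != port) next
            if (host ~ /^127\./ || host == "[::1]") next   # loopback is fine
            print addr
        }'
}

# Reads `ss -ltn` output on stdin; returns 1 if the port is bound beyond loopback.
audit_upstream() {
    exposed=$(exposed_listeners "$1")
    if [ -n "$exposed" ]; then
        echo "port $1 is reachable beyond loopback:"
        echo "$exposed" | sed 's/^/  /'
        return 1
    fi
    echo "port $1 listens on loopback only"
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
LISTEN 0      511          0.0.0.0:3000      0.0.0.0:*
LISTEN 0      511        127.0.0.1:3000      0.0.0.0:*
LISTEN 0      511            [::1]:3000         [::]:*
LISTEN 0      511             [::]:3000         [::]:*'

# On a live host: ss -ltn | audit_upstream 3000
printf '%s\n' "$SAMPLE_SS" | audit_upstream 3000 || true
```

If the audit reports a wildcard address such as 0.0.0.0 or [::], rebind the service to 127.0.0.1 so it is reachable only through Nginx.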
How to Secure Your Nginx Installation with Let’s Encrypt
Securing Nginx with Let’s Encrypt on Ubuntu involves obtaining an SSL certificate and configuring Nginx to use this certificate for secure connections. Let’s Encrypt provides free SSL certificates through an automated process designed to eliminate the complex process of manual creation, validation, signing, installation, and renewal of certificates for secure websites. Certbot is a client that makes this easy.
This guide assumes that you’ve installed Nginx, that it’s serving your site correctly, and that you’ve set up DNS for your domain to point to this server.
Step 1: Install Certbot
Certbot is the software that will communicate between your server and Let’s Encrypt to get, renew, and install your SSL certificate.
Update your package lists to ensure you have the latest versions of your server’s software:
sudo apt update
Install Certbot and the Nginx plugin by typing:
sudo apt install certbot python3-certbot-nginx
Step 2: Obtain a Certificate
Run Certbot along with the Nginx plugin:
sudo certbot --nginx
Follow the prompts to enter your email and agree to the terms of service. Afterward, Certbot will communicate with the Let’s Encrypt CA, then run a challenge to verify that you control the domain you’re requesting a certificate for.
If that’s successful, Certbot will ask how you’d like to configure your HTTPS settings.
Step 3: Verify Certbot Auto-Renewal
Let’s Encrypt’s certificates are only valid for ninety days. This is to encourage users to automate their certificate renewal process. The Certbot package we installed takes care of this for us by adding a renewal script to /etc/cron.d. This script runs twice a day. It will automatically renew any certificate that’s within thirty days of expiration.
To test the renewal process, you can use this command:
sudo certbot renew --dry-run
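To see where a certificate stands relative to the ninety-day lifetime and thirty-day renewal window described above, the following added example (not part of the original guide or of Certbot) classifies the notAfter line that `openssl x509 -noout -enddate` prints. The function names and sample dates are constructed for illustration, and it assumes GNU date.

```bash
# Added example: classify a certificate by the time left before its notAfter date.
# $1: "notAfter=..." line as printed by `openssl x509 -noout -enddate`
# $2: current time in epoch seconds (optional, defaults to now)
seconds_left() (
    end=${1#notAfter=}
    now=${2:-$(date +%s)}
    end_epoch=$(date -u -d "$end" +%s 2>/dev/null) || exit 2   # needs GNU date
    echo $(( end_epoch - now ))
)

# Whole days remaining (truncated toward zero), for reporting.
days_left() (
    s=$(seconds_left "$1" "$2") || exit 2
    echo $(( s / 86400 ))
)

RENEW_WINDOW_DAYS=30   # the guide's figure: renewed within thirty days of expiration

# Prints ok, due (inside the renewal window), expired, or unparsable.
renewal_state() (
    s=$(seconds_left "$1" "$2") || { echo unparsable; exit 2; }
    if [ "$s" -le 0 ]; then echo expired
    elif [ "$s" -lt $(( RENEW_WINDOW_DAYS * 86400 )) ]; then echo due
    else echo ok
    fi
)

# Constructed notAfter lines, evaluated against a fixed "now" of 2025-01-01 UTC.
NOW=$(date -u -d '2025-01-01 00:00:00' +%s)
for line in 'notAfter=Apr  1 00:00:00 2025 GMT' \
            'notAfter=Jan 20 00:00:00 2025 GMT' \
            'notAfter=Dec 31 23:00:00 2024 GMT'; do
    echo "$line -> $(renewal_state "$line" "$NOW")"
done

# Live use, with yourdomain.com standing in for your certificate name:
#   renewal_state "$(sudo openssl x509 -noout -enddate \
#       -in /etc/letsencrypt/live/yourdomain.com/fullchain.pem)"
```

A certificate that stays in the due state across several days means the scheduled renewal is not succeeding and should be investigated before it reaches expired.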
Step 4: Adjust your Nginx Configuration to Use SSL
Certbot should automatically set up your configuration to use SSL. You can verify this by checking your configuration file.
sudo nano /etc/nginx/sites-available/yourdomain.com
You should see the SSL configuration and certificate files added by Certbot.
Step 5: Restart Nginx
After you’ve made the changes, restart Nginx to ensure the new configuration takes effect.
sudo systemctl restart nginx
Your web server now uses a free Let’s Encrypt SSL certificate to serve HTTPS content securely. If you ever need to adjust your SSL settings, you can find the SSL configuration in your Nginx configuration file where Certbot placed it.