
This article outlines how to set up a reverse proxy with HTTPS using Nginx and Certbot.
What is a Reverse Proxy?
A reverse proxy is a server that sits between client devices and a backend server, forwarding client requests to the backend server and returning the server’s response to the clients. Unlike a forward proxy, which hides the identity of the client, a reverse proxy hides the identity of the backend server.
How It Works:
- Client Request: A client sends a request to the reverse proxy instead of directly to the backend server.
- Request Handling: The reverse proxy evaluates the request and forwards it to the appropriate server.
- Server Response: The backend server processes the request and sends the response back to the reverse proxy.
- Client Response: The reverse proxy sends the server’s response to the client, often modifying it if needed.
Common Use Cases:
- Load Balancing: Distributes incoming traffic across multiple servers to improve performance and reliability.
- Security: Hides the identity and structure of backend servers and can provide an additional layer of security.
- SSL Termination: Offloads SSL encryption/decryption from backend servers.
- Caching: Caches static content to improve load times and reduce server load.
- Content Delivery: Distributes content more efficiently by serving cached versions or routing requests to the nearest server.
Popular Reverse Proxy Software:
- Nginx: Known for performance and scalability.
- HAProxy: Popular for load balancing.
- Apache HTTP Server: Can also function as a reverse proxy.
- Traefik: Modern reverse proxy often used with containerized environments like Docker and Kubernetes.
- Caddy: Simple and powerful reverse proxy with automatic HTTPS.
Setting up a reverse proxy with HTTPS using Nginx and Certbot can help secure your web applications and improve the management of traffic to your backend services. This guide will walk you through the entire process, from installation to configuration and securing the connection with SSL/TLS certificates using Certbot.
Prerequisites
Before you begin, ensure you have the following:
- A server running a Linux distribution (e.g., Ubuntu 20.04 or later)
- A registered domain name pointing to your server’s IP address
- SSH access to your server
- A web service running on your server that you want to proxy (e.g., an application on port 3000)
How to Set Up a Reverse Proxy with HTTPS Using Nginx and Certbot
To set up a reverse proxy with HTTPS using Nginx and Certbot, follow the steps outlined below:
- Install Nginx
First, update your server’s package index and install Nginx:
sudo apt update
sudo apt install nginx -y
After installation, enable Nginx to start automatically on boot and start the service:
sudo systemctl enable nginx
sudo systemctl start nginx
Verify that Nginx is running by visiting your server’s IP address in a web browser. You should see the default Nginx welcome page.
- Configure Nginx as a Reverse Proxy
Create a new configuration file for your reverse proxy setup. For this guide, we’ll create a file called myapp.conf in /etc/nginx/sites-available/:
sudo nano /etc/nginx/sites-available/myapp.conf
Add the following configuration, replacing example.com with your domain and localhost:3000 with your backend application address:
server {
    listen 80;
    # List every hostname you will later pass to certbot with -d
    server_name example.com www.example.com;
    location / {
        # Forward all requests to the backend application
        proxy_pass http://localhost:3000;
        # Pass the original Host header and client details to the backend
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
Create a symbolic link to enable this configuration:
sudo ln -s /etc/nginx/sites-available/myapp.conf /etc/nginx/sites-enabled/
Test your configuration for syntax errors:
sudo nginx -t
If the test is successful, reload Nginx:
sudo systemctl reload nginx
- Install Certbot and Obtain SSL Certificate
Certbot is a free and open-source tool that automates the process of obtaining SSL certificates from Let’s Encrypt.
Install Certbot and the Nginx plugin:
sudo apt install certbot python3-certbot-nginx -y
Request an SSL certificate using Certbot:
sudo certbot --nginx -d example.com -d www.example.com
Follow the prompts to complete the installation and automatic configuration. Certbot will automatically configure Nginx to use HTTPS and set up redirection from HTTP to HTTPS.
- Verify SSL Installation
Check your website by visiting https://example.com in a browser. The connection should be secure, with a valid SSL certificate. You can also test your SSL configuration using the SSL Labs Test.
- Automate Certificate Renewal
Let’s Encrypt certificates are valid for 90 days, but Certbot can automatically renew them. To test the renewal process, run:
sudo certbot renew --dry-run
If everything works as expected, your certificates will renew automatically.
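Two checks worth running after the steps above, as an added example (not part of the original guide): that the backend on port 3000 listens only on loopback, so it cannot be reached around Nginx, and that the served certificate is not close to expiry, which would mean renewal is failing. The function names, the 30-day default threshold and the sample `ss` and `openssl` output are assumptions constructed for illustration; the script needs awk and GNU date.

```shell
#!/bin/sh
# Added example: two post-setup checks for the proxy configured above.
# Needs awk and GNU date (date -d). Sample inputs below are constructed.

# exposed_listeners PORT   (stdin: output of `ss -ltnH`)
# Prints each local address bound to PORT that is not loopback, i.e. a way
# to reach the backend without passing through Nginx and its TLS.
exposed_listeners() {
    awk -v port="$1" '$1 == "LISTEN" {
        n = split($4, p, ":")                   # last ":" field is the port
        if (p[n] != port) next
        addr = substr($4, 1, length($4) - length(p[n]) - 1)
        sub(/%.*$/, "", addr)                   # drop "%lo" interface suffix
        if (addr ~ /^(127\.|\[::1\]$|\[::ffff:127\.)/) next
        print addr
    }'
}

# renewal_state ENDDATE_LINE NOW_EPOCH [THRESHOLD_DAYS]
# ENDDATE_LINE is the "notAfter=..." line from `openssl x509 -noout -enddate`.
# THRESHOLD_DAYS defaults to 30 (an assumed alert threshold).
renewal_state() {
    end_epoch=$(date -u -d "${1#notAfter=}" +%s 2>/dev/null) ||
        { echo "unparseable"; return 2; }
    secs=$(( end_epoch - $2 ))
    days=$(( secs / 86400 ))
    if [ "$secs" -le 0 ]; then echo "expired"
    elif [ "$days" -lt "${3:-30}" ]; then echo "renewal-overdue $days"
    else echo "ok $days"
    fi
}

# Constructed samples: a loopback-only backend, an exposed one, a cert date.
SS_SAFE='LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 127.0.0.1:3000 0.0.0.0:*'
SS_EXPOSED='LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 *:3000 *:*
LISTEN 0 511 [::]:3000 [::]:*'
CERT_END='notAfter=Jun  1 00:00:00 2025 GMT'

printf '%s\n' "$SS_SAFE"    | exposed_listeners 3000   # prints nothing
printf '%s\n' "$SS_EXPOSED" | exposed_listeners 3000
renewal_state "$CERT_END" "$(date -u -d '2025-05-12 00:00:00 UTC' +%s)"

# Live use on the server (needs ss, openssl and network access):
#   ss -ltnH | exposed_listeners 3000
#   end=$(openssl s_client -connect example.com:443 -servername example.com \
#         </dev/null 2>/dev/null | openssl x509 -noout -enddate)
#   renewal_state "$end" "$(date +%s)"
```

Any address printed by `exposed_listeners` means the application should be rebound to 127.0.0.1 or the port firewalled; a `renewal-overdue` result is the cue to inspect the output of `sudo certbot renew --dry-run`.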
Conclusion
You’ve successfully set up a reverse proxy with HTTPS using Nginx and Certbot. Your server is now more secure and can efficiently route traffic to your backend application while keeping your SSL/TLS certificates up to date. If you encounter any issues, refer to the Nginx and Certbot documentation for further troubleshooting.