How to configure NGINX Reverse Proxy with SSL?

This guide walks through the steps to install and configure NGINX as a reverse proxy on an Ubuntu server, including setting up SSL using Certbot. This is useful for forwarding incoming requests to internal applications while securing communication with HTTPS.

1

Install NGINX

Install the NGINX web server using APT:

apt install nginx

This installs NGINX, which will act as the reverse proxy.

2

Check Network Information

Run the following command to view the server's IP addresses:

ip a

This helps you identify which IP address to use for accessing the server.

3

Install Net-tools

Install the net-tools package to get access to legacy tools like netstat:

apt install net-tools

4

View Listening Ports

Use netstat to view active listening ports and services.

Make sure ports 80 and 443 are open in your security group to allow traffic.

netstat -tulnp

5

Install Certbot

Install Certbot using Snap to enable SSL certificate generation:

snap install --classic certbot

Link Certbot to /usr/bin for ease of use:

ln -s /snap/bin/certbot /usr/bin/certbot

6

Generate SSL Certificates

Run Certbot to configure SSL for NGINX automatically:

certbot --nginx

7

Configure NGINX Sites

Navigate to the NGINX configuration directory:

cd /etc/nginx/sites-available/

Edit or create a reverse proxy configuration file:

nano reverse-proxy

For example:

server {
    # The ssl parameter on listen replaces the obsolete "ssl on;" directive
    listen 443 ssl;
    server_name nignx-poc-test.theacecloud.com;

    error_log /var/log/nginx/error.log;
    ssl_certificate /etc/letsencrypt/live/nignx-poc-test.theacecloud.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/nignx-poc-test.theacecloud.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    ssl_protocols TLSv1.2 TLSv1.3; # TLS 1.0/1.1 are deprecated; don't use SSLv3 (ref: POODLE)

    location / {
        proxy_pass https://www.google.com/; # replace with your web page address
        proxy_http_version 1.1;
        # Upgrade/Connection headers allow WebSocket connections through the proxy
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        # Pass the client address and original scheme to the backend
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Nginx-Proxy true;
        proxy_redirect off;
    }
}

You can also modify the default configuration if necessary:

nano default

8

Enable Reverse Proxy Configuration

Enable the site by creating a symbolic link in the sites-enabled directory:

ln -s /etc/nginx/sites-available/reverse-proxy /etc/nginx/sites-enabled/

9

Remove Default Site (Optional)

Navigate to the sites-enabled directory and remove the default config if desired:

rm -r /etc/nginx/sites-enabled/default

10

Test NGINX Configuration

Run the following command to check the NGINX configuration for errors before restarting:

nginx -t

11

Restart NGINX

Apply all changes by restarting the NGINX service:

service nginx restart
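
nginx -t confirms that the configuration parses, but a file can pass it while still enabling deprecated TLS versions or sending misleading forwarding headers to the backend. The script below is an added example, not part of the original guide: it lints a reverse-proxy file for those settings. The function names, messages and the constructed sample config are assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide; names and messages are assumptions.

# check <text> <extended-regex> <message>: print the message if the regex matches.
check() {
    printf '%s\n' "$1" | grep -Eq "$2" || return 1
    printf 'FINDING: %s\n' "$3"
}

# Returns 0 if the file is clean, 1 if anything was flagged, 2 if unreadable.
audit_proxy_conf() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    body=$(sed 's/#.*$//' "$1")   # drop comments so disabled lines are ignored
    n=0
    check "$body" '^[[:space:]]*ssl_protocols[^;]*[[:space:]](SSLv[23]|TLSv1(\.1)?)([[:space:]]|;)' \
        'ssl_protocols enables SSLv2/SSLv3/TLS 1.0/TLS 1.1; keep TLSv1.2 and TLSv1.3 only' && n=$((n + 1))
    check "$body" '^[[:space:]]*ssl[[:space:]]+on[[:space:]]*;' \
        '"ssl on;" is obsolete; put the ssl parameter on the listen directive' && n=$((n + 1))
    check "$body" '^[[:space:]]*error_log[^;]*access\.log' \
        'error_log writes into access.log; use a separate error.log' && n=$((n + 1))
    check "$body" 'proxy_set_header[[:space:]]+X-Forward(ed)?-Proto[[:space:]]+http[[:space:]]*;' \
        'X-Forwarded-Proto is hard-coded to http on a TLS listener; use $scheme' && n=$((n + 1))
    check "$body" 'proxy_set_header[[:space:]]+X-Forward-(For|Proto)[[:space:]]' \
        'header is spelled X-Forward-*; backends conventionally read X-Forwarded-*' && n=$((n + 1))
    # A listen directive on 443 without the ssl parameter does not terminate TLS.
    if printf '%s\n' "$body" | grep -E '^[[:space:]]*listen[^;]*443([[:space:]]|;)' \
        | grep -Eqv '[[:space:]]ssl([[:space:]]|;)'; then
        printf 'FINDING: %s\n' 'listen 443 has no ssl parameter'
        n=$((n + 1))
    fi
    [ "$n" -eq 0 ]
}

# Constructed sample input with legacy settings, written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 443;
    ssl on;
    error_log /var/log/nginx/access.log;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / {
        proxy_pass http://127.0.0.1:8080/;
        proxy_set_header X-Forward-Proto http;
    }
}
EOF
audit_proxy_conf "$sample" || echo "fix the findings above, then run nginx -t"
rm -f "$sample"
```

To check the file created in step 7, run audit_proxy_conf /etc/nginx/sites-available/reverse-proxy before restarting NGINX.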

Conclusion

You have successfully configured NGINX as a reverse proxy with SSL enabled via Certbot on your Ubuntu server. This setup secures your web traffic and forwards requests to backend applications efficiently.
