Skip to main content
HashnodeHarshit's blog

Command Palette

Search for a command to run...

How to Set Up Nginx as a Reverse Proxy with Free SSL (Let’s Encrypt)

Updated
3 min read
H
Harshit Paneri
👋 Hey, I’m Harshit — a systems focused engineer who enjoys building the kind of tech that just works. Whether it's crafting resilient backend services or designing fault-tolerant infrastructure, I focus on the parts of the system that keep everything up and running reliably, at scale, and under real-world pressure. At Jumbotail, I work across the boundary of platform and backend engineering setting up robust CI/CD pipelines, optimizing system performance, and building internal tools and APIs that developers rely on daily. My goal is simple: keep things fast, reliable, and easy to operate. 🧠 I care deeply about: High availability and system reliability Scalable service and infrastructure design Developer experience and automation Observability and proactive incident response 🛠️ Tools I work with regularly: Infra & Platforms: AWS, Kubernetes, Terraform, GitHub Actions Backend & APIs: Node.js, Java, Python, Go Monitoring & Ops: DataDog, Grafana, CloudWatch, Zenduty I enjoy working at the intersection of infrastructure and software — the kind of engineering that isn’t always visible to users, but makes all the difference when things go live at scale. 🔗 GitHub: https://github.com/harshit-paneri 📝 Blog: https://hashnode.com/@harshitpaneri

If you’re looking to host a website or application and want to secure it with HTTPS, this guide is for you. We’ll walk you through setting up Nginx as a reverse proxy and installing a free SSL certificate using Certbot (Let’s Encrypt). This guide is written in simple terms, so even if you’re a beginner, you can follow along!

Step 1: Install Nginx

Nginx is a popular web server that can also act as a reverse proxy to forward requests to other servers.

  1. Install Nginx in you machine
    Open your terminal and run the following command:

     sudo apt install nginx -y

  2. Start Nginx and Enable it to Start on Boot
    Run these commands to start Nginx and make sure it automatically starts every time your server boots:

     sudo systemctl start nginx
 sudo systemctl enable nginx

  3. Check if Nginx is Running
    Use this command to verify that Nginx is up and running:

     sudo systemctl status nginx

    You should see a message indicating Nginx is active (running).

Step 2: Install Certbot (Let’s Encrypt Client)

Certbot is a tool that helps you generate and manage free SSL certificates from Let’s Encrypt.

  1. Install Certbot and the Nginx Plugin
    Run the following command:

     sudo apt install certbot python3-certbot-nginx -y

Step 3: Configure Nginx as a Reverse Proxy

Now that Nginx is installed, let’s configure it as a reverse proxy.

  1. Create a New Nginx Configuration File
    Replace <your-domain> with your domain name (e.g., xyz.online):

     sudo nano /etc/nginx/sites-available/<your-domain.conf>

    Add the following configuration inside the file:

     server {
     listen 80;
     server_name <your-domain> #backend.xyx.com;

     location / {
         proxy_pass http://localhost:5000; # Change this to the port your app is running on
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     }
 }

  2. Save the File and Exit
    Press CTRL+O to save and CTRL+X to exit.

  3. Enable the Configuration
    Create a symbolic link to enable your configuration:

     sudo ln -s /etc/nginx/sites-available/<your-domain.conf> /etc/nginx/sites-enabled/

  4. Test the Nginx Configuration
    Run this command to ensure there are no errors:

     sudo nginx -t

    If everything is okay, you’ll see:

     nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
 nginx: configuration file /etc/nginx/nginx.conf test is successful

  5. Reload Nginx
    Apply your changes by reloading Nginx:

     sudo systemctl reload nginx

Step 4: Allow Traffic Through the Firewall

  1. Allow Nginx Full Traffic
    Update your firewall to allow Nginx traffic:

     sudo ufw allow 'Nginx Full'

Step 5: Obtain a Free SSL Certificate with Let’s Encrypt

  1. Run Certbot
    Use Certbot to automatically configure SSL for your domain:

     sudo certbot --nginx -d <your-domain>

    Replace <your-domain> with your actual domain name (e.g., xyz.online).

  2. Follow the Prompts
    Certbot will guide you through a few steps. Once it’s done, your SSL certificate will be installed and configured!

Step 6: Verify Everything is Working

  1. Test Your Website
    Open your browser and go to https://<your-domain>. You should see your site running securely with HTTPS.

  2. Automatic Renewal
    Let’s Encrypt certificates expire in 90 days, but Certbot sets up automatic renewal for you. To test it, run:

     sudo certbot renew --dry-run

Step 7: Update Your DNS Records (Optional)

Make sure your domain points to your server’s IP address by updating the DNS records. For example:

  • Add an A record for your domain (backend.xy.online) pointing to your server’s public IP.

Final Thoughts

Congratulations! 🎉 You’ve successfully set up Nginx as a reverse proxy with Let’s Encrypt SSL. Your website or application is now secure and accessible over HTTPS.

If you encounter any issues, feel free to drop a comment below, and I’ll be happy to help. Happy hosting!

#nginx#reverse-proxy#ssl#encryption#letsencrypt

Comments (2)

Join the discussion
P
Prashant Lalwani1y ago

Even for a novice like me, it is simple to understand. Thank you.

1
A
Arzoo Bapna1y ago

A very simple, well written, insightful post. This was a delight to read

1

More from this blog

Harshit's blog

7 posts