Hostwinds Tutorials
Tags: Cloud Servers, SSL, VPS
Nginx is a powerful tool. It allows you to serve multiple apps, websites, load-balanced applications, and much more. This flexibility is all powered by a relatively simple configuration system that uses nearly-human-readable configuration files. This guide will demonstrate how to set up an Nginx Reverse Proxy with SSL on a Hostwinds Cloud VPS.
This guide will assume a general understanding of using a Linux-based system via command line and will further assume the following prerequisites:
The Nginx-full package defaults to a dynamic Shared Virtual Host environment. The configuration files for each Virtual Host are available for use here:
/etc/nginx/sites-available/
This location will have a file called default available to use as a base template. However, we will manually create a new configuration file in this guide and populate it as needed. Once logged in as your non-root user, issue this command to start the process:
sudo touch /etc/nginx/sites-available/domain.tld
Be sure to replace domain.tld with the domain you are actually using.
Next, we move to modify that file to perform the tasks we need it to do. We will be using vim in this guide as the text editor. You may use nano or any other text editor based on your personal preference.
sudo vim /etc/nginx/sites-available/domain.tld
Now that the file exists, add the following text to it. Modify the indicated values to reference your domain, the port your app is using, and your SSL certificate paths. This file will be the main configuration for the reverse proxy:
###
# This section listens on port 80 for your domain and rewrites the request
# to HTTPS for us
###
server {
    listen 80;
    server_name domain.tld www.domain.tld; # Edit this to your domain name
    rewrite ^ https://$host$request_uri permanent;
}

###
# These are the configuration declarations that make SSL function.
###
server {
    listen 443 ssl;
    server_name domain.tld; # Edit this to your domain name

    # If you use Let's Encrypt, you should just need to change the domain.
    ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem;

    # TLS session cache: a 1000-session cache built in to OpenSSL (per worker)
    # plus a 10 MB cache shared between all worker processes.
    ssl_session_cache builtin:1000 shared:SSL:10m;

    # Protocol versions to accept. TLS 1.0 and 1.1 are deprecated (RFC 8996)
    # and are left out. TLSv1.3 needs Nginx 1.13.0+ built with OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Cipher suites to allow.
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;

    # Prefer the server's cipher order over the client's.
    ssl_prefer_server_ciphers on;

    # Log location. Can be anywhere. Make sure the nginx user defined in
    # /etc/nginx/nginx.conf has r/w permissions
    access_log /var/log/nginx/access.log;

    ###
    # This is the juicy part of the config file, handing off relevant data to
    # our back-end app running on port 3000
    # Nothing should need to be changed here, unless port 3000 is not the port
    # you're using.
    # Furthermore, if you're using a socket to serve your app (PHP comes to
    # mind), you can define a unix:.sock location here as well
    ###
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:3000;
        proxy_read_timeout 90;
    }
}
Save the file and exit the text editor.
Now that the configuration is created, we have to tell Nginx to check for the file on load. We will make a symbolic link:
sudo ln -s /etc/nginx/sites-available/domain.tld /etc/nginx/sites-enabled/domain.tld.conf
Next, we test the configuration before restarting the Nginx system service:
sudo nginx -t
It should run the test and output the following message on success:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
We now know that the configuration file will not cause a crash, so let's restart the Nginx service and test the app.
sudo systemctl restart nginx
You should now have access to the app running on the defined port by browsing to the domain.tld as depicted in the Nginx configuration file created earlier.
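As an added example (not part of the original tutorial), the shell functions below check two things before the restart step: that the link in sites-enabled resolves to a real file, and that the site file's ssl_protocols directive does not enable SSLv2, SSLv3, TLSv1 or TLSv1.1, all of which are deprecated. The function names are hypothetical, and the parser assumes each ssl_protocols directive is written on a single line.

```shell
#!/bin/sh
# Added example: checks to run before "sudo systemctl restart nginx".
# Function names are hypothetical; nothing here is part of Nginx itself.
# Usage: audit_site /etc/nginx/sites-available/domain.tld \
#                   /etc/nginx/sites-enabled/domain.tld.conf

# Succeed only if $1 is a symlink whose target exists. A mistyped ln -s
# source creates a dangling link.
check_site_link() {
    [ -L "$1" ] || { echo "not a symlink: $1"; return 1; }
    [ -e "$1" ] || { echo "dangling symlink: $1 -> $(readlink "$1")"; return 1; }
}

# Print each deprecated protocol enabled by an ssl_protocols directive in
# file $1, one per line. Comments are stripped first; assumes the directive
# is written on a single line.
weak_tls_protocols() {
    sed 's/#.*//' "$1" | awk '
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                p = $i
                sub(/;$/, "", p)
                if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1")
                    print p
            }
        }'
}

# Run both checks: $1 = file in sites-available, $2 = link in sites-enabled.
# Returns non-zero if either check reports a finding.
audit_site() {
    rc=0
    check_site_link "$2" || rc=1
    weak=$(weak_tls_protocols "$1" | sort -u | tr '\n' ' ')
    if [ -n "$weak" ]; then
        echo "deprecated protocols enabled in $1: $weak"
        rc=1
    fi
    return "$rc"
}
```

A non-zero return from audit_site means the link or the protocol list should be corrected before running sudo nginx -t and restarting the service.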
Written by Hostwinds Team / June 14, 2019