Skip to content

Configuring Reverse Proxy with SSL Certificate Using Nginx

1. Installing Nginx

sudo apt update && sudo apt install nginx -y

2. Configuring Reverse Proxy

Create a configuration file (e.g., /etc/nginx/sites-available/example_gitflic) and add or modify the server section: 

server {
    listen 80;
    server_name example_gitflic.ru;

    location / {
        proxy_pass http://127.0.0.1:8080;  # Proxy to internal server
        proxy_send_timeout 3600s;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Ssl "ON";
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_redirect off;
        proxy_buffering off;
        proxy_http_version 1.1;
    }
}

3. Obtaining SSL Certificate

Getting Certificate via Utility

You can obtain SSL certificate from Let's Encrypt using Certbot: 

sudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx -d example_gitflic.ru

Using Self-Signed Certificate

1. Adding Certificate

Copy the certificate to the server, e.g., to /etc/ssl/certs/ for certificate and /etc/ssl/private/ for key. Then add these lines to Nginx configuration described in step 2: 

listen 443 ssl;
ssl_certificate /etc/ssl/certs/example_gitflic.ru.crt;
ssl_certificate_key /etc/ssl/private/example_gitflic.ru.key;

2. HTTP to HTTPS Redirect

To redirect HTTP traffic to HTTPS when using self-signed certificate, add this block to Nginx configuration described in step 2: 

server {
    if ($host = example_gitflic.ru) {
        return 301 https://$host$request_uri;
    }
    listen 80;
    server_name example_gitflic.ru;
    return 404;
}

Create symbolic link in sites-enabled directory to activate configuration:

sudo ln -s /etc/nginx/sites-available/example_gitflic /etc/nginx/sites-enabled/

5. Testing Configuration and Reloading Nginx

After making changes, test configuration:

sudo nginx -t
If everything is OK, reload Nginx:
sudo nginx -s reload

6. Accessing Application

The application will be available at https://example_gitflic.ru

Automatic Translation!

This page has been translated using automated tools. The text may contain inaccuracies.