Nginx is a high-performance web server that is often used as a reverse proxy to route incoming traffic to backend applications. This guide walks through the steps required to install and configure Nginx to serve a domain and proxy requests to a local service (such as an API running on port 8080). We'll focus on setting up basic HTTP first, then move on to HTTPS using Let's Encrypt in a separate section.
Prerequisites
- A Linux server (Ubuntu/Debian preferred)
- A domain name pointing to your server's public IP (via A or AAAA record)
- A backend service running on a local port (e.g., 8080)
- Root or sudo access to the server
Step 1: Install Nginx
Nginx is available in the default package repositories.
sudo apt update
sudo apt install nginx
Check if Nginx is running:
systemctl status nginx
If it’s inactive, start it:
sudo systemctl start nginx
Step 2: Configure Nginx for Your Domain
Create a new configuration file for your domain:
sudo nano /etc/nginx/sites-available/yourdomain.com
Paste the following configuration:
server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;

    location / {
        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
Explanation:
- listen 80; instructs Nginx to accept HTTP traffic on port 80.
- server_name tells Nginx which domains this config applies to.
- proxy_pass forwards all traffic to the backend application.
- The proxy_set_header lines pass the original Host header, the client's IP address, and the request scheme to the backend, which would otherwise see only the proxy's own connection.
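How a backend on port 8080 can read the forwarded client address without trusting values the client typed in itself. This is an added example, not part of the original guide; the function names, the choice of Python for the backend, and the sample addresses (documentation ranges) are assumptions.

```python
import ipaddress

# Assumption: Nginx and the backend share a host, as in the config above,
# so loopback is the only peer whose headers are trusted.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8"),
                   ipaddress.ip_network("::1/128")]


def _is_trusted(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, headers):
    """Pick the client address for a request; headers use lower-case names."""
    # A connection that bypassed the proxy gets no header trust at all.
    if not _is_trusted(peer_addr):
        return peer_addr
    # $proxy_add_x_forwarded_for appends $remote_addr to whatever the client
    # sent, so only the right-hand end of the list was written by Nginx.
    # Walk from the right and return the first hop that is not our proxy.
    xff = headers.get("x-forwarded-for", "")
    for hop in reversed([h.strip() for h in xff.split(",") if h.strip()]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop trusting the list
        if not _is_trusted(hop):
            return hop
    # Fall back to X-Real-IP, which the config sets to $remote_addr.
    try:
        return str(ipaddress.ip_address(headers.get("x-real-ip", "").strip()))
    except ValueError:
        return peer_addr


if __name__ == "__main__":
    # Constructed request: the client sent its own X-Forwarded-For value.
    sample = {"x-forwarded-for": "198.51.100.7, 203.0.113.9",
              "x-real-ip": "203.0.113.9"}
    print(client_ip("127.0.0.1", sample))
```

Binding the backend to 127.0.0.1 rather than all interfaces keeps every request on the trusted path in the first place.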
Enable the site by creating a symbolic link:
sudo ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/
Test the configuration:
sudo nginx -t
If the test is successful, reload Nginx:
sudo systemctl reload nginx
Your domain should now be routing HTTP traffic to your backend service.
Step 3: Enable SSL with Let's Encrypt
Now that your basic HTTP setup is functional, it's time to secure it using HTTPS.
Install Certbot and Nginx Plugin
sudo apt install certbot python3-certbot-nginx
Obtain the SSL Certificate
Run the following command to request a certificate for your domain:
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
Certbot will:
- Communicate with Let's Encrypt to validate your domain
- Automatically edit your Nginx config to include SSL directives
- Reload Nginx for you
Verify SSL is Working
Visit your domain in a browser:
https://yourdomain.com
Or check via command line:
curl -I https://yourdomain.com
Auto-Renewal (Recommended)
Let's Encrypt certificates expire every 90 days. Certbot sets up a timer automatically.
Test it with:
sudo certbot renew --dry-run
Diagnosis: If Your Domain is Not Accessible
If your domain does not respond over HTTP or HTTPS, it's possible that traffic is being blocked by your server's firewall (iptables).
To explicitly allow traffic on ports 80 and 443:
sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 443 -j ACCEPT
To make these rules persistent:
sudo apt install iptables-persistent
sudo netfilter-persistent save
If you're using a cloud provider, ensure the security group or network firewall allows inbound traffic on ports 80 and 443.
You can check that Nginx is listening on both ports using:
sudo ss -tuln | grep -E ':(80|443)[[:space:]]'
Once the ports are open and Nginx is configured correctly, your domain should respond properly over both HTTP and HTTPS.