How to Set Up a Reverse Proxy with nginx for Multiple Apps on One Server

Running multiple apps on a single $5/month VPS? nginx can route traffic to each one based on the domain name.

Here's the complete setup.

The Architecture

Internet
    ↓
nginx (port 80/443)
    ├── app1.yourdomain.com  → localhost:3001
    ├── app2.yourdomain.com  → localhost:3002
    └── api.yourdomain.com   → localhost:8080

Each app runs on a different local port. nginx routes incoming requests to the right one.

Step 1: Install nginx

sudo apt update && sudo apt install nginx -y
sudo systemctl enable nginx
sudo systemctl start nginx

Step 2: Create Server Blocks

# Create config for each app
sudo nano /etc/nginx/sites-available/app1.yourdomain.com

server {
    listen 80;
    server_name app1.yourdomain.com;

    location / {
        proxy_pass http://127.0.0.1:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
}

# Enable the site
sudo ln -s /etc/nginx/sites-available/app1.yourdomain.com /etc/nginx/sites-enabled/

# Repeat for app2
sudo nano /etc/nginx/sites-available/app2.yourdomain.com
sudo ln -s /etc/nginx/sites-available/app2.yourdomain.com /etc/nginx/sites-enabled/

# Test config
sudo nginx -t

# Reload
sudo systemctl reload nginx

Step 3: Add SSL with Certbot

sudo apt install certbot python3-certbot-nginx -y

# Get certs for all your domains at once
sudo certbot --nginx -d app1.yourdomain.com -d app2.yourdomain.com -d api.yourdomain.com

# Auto-renewal
sudo systemctl enable certbot.timer

Certbot automatically updates your nginx configs to handle HTTPS and redirect HTTP → HTTPS.

Step 4: Optimize the Shared nginx Config

sudo nano /etc/nginx/nginx.conf

Add inside the http {} block:

# Gzip compression (applies to all sites)
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss;

# Rate limiting zone (use in server blocks)
limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;

# Security headers (apply to all)
add_header X-Frame-Options DENY always;
add_header X-Content-Type-Options nosniff always;

# Logging
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log warn;

Step 5: Handle WebSockets (if needed)

location /socket.io/ {
    proxy_pass http://127.0.0.1:3001;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_read_timeout 86400;  # Keep connection alive for 24h
}

Useful nginx Commands

sudo nginx -t                    # Test config
sudo systemctl reload nginx      # Reload without downtime
sudo systemctl restart nginx     # Full restart
sudo nginx -T                    # Print full parsed config
sudo tail -f /var/log/nginx/error.log  # Watch errors live

---

I built ARIA to solve exactly this.
Try it free at step2dev.com — no credit card needed.