DEV Community

Cover image for Setting Up Nginx with Certbot for HTTPS on Your Web Application
gourab yousuf basir
gourab yousuf basir

Posted on

Setting Up Nginx with Certbot for HTTPS on Your Web Application

Securing your web application with HTTPS is crucial for protecting data integrity and privacy. This guide will walk you through the steps to set up Nginx as a reverse proxy and use Certbot to obtain a free SSL certificate from Let's Encrypt.

Prerequisites

Before you begin, ensure you have the following:

  1. A domain name pointing to your server's IP address.
  2. A server running Ubuntu (or any other Linux distribution).
  3. Nginx installed on your server.

Step 1: Configure Nginx

First, we need to set up Nginx to proxy requests to our web application. Open your Nginx configuration file or create a new one for your domain:

sudo nano /etc/nginx/sites-available/my.website.com
Enter fullscreen mode Exit fullscreen mode

Add the following configuration:

server {
  listen 80;
  listen [::]:80;

  server_name my.website.com www.my.website.com;

  location / {
    proxy_pass http://localhost:5173;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
  }
}
Enter fullscreen mode Exit fullscreen mode

This configuration listens for HTTP requests on port 80 and proxies them to your web application running on localhost:5173.

Step 2: Enable the Nginx Configuration

Create a symbolic link to enable the configuration:

sudo ln -s /etc/nginx/sites-available/my.website.com /etc/nginx/sites-enabled/
Enter fullscreen mode Exit fullscreen mode

Test the Nginx configuration for syntax errors:

sudo nginx -t
Enter fullscreen mode Exit fullscreen mode

If the test is successful, reload Nginx to apply the changes:

sudo systemctl reload nginx
Enter fullscreen mode Exit fullscreen mode

Step 3: Install Certbot

Certbot is a tool that automates the process of obtaining and renewing SSL certificates from Let's Encrypt. Install Certbot and the Nginx plugin:

sudo apt update
sudo apt install certbot python3-certbot-nginx
Enter fullscreen mode Exit fullscreen mode

Step 4: Obtain an SSL Certificate

Run Certbot to obtain an SSL certificate and configure Nginx to use it:

sudo certbot --nginx
Enter fullscreen mode Exit fullscreen mode

Follow the interactive prompts. Certbot will:

  1. Detect your Nginx configuration.
  2. Allow you to select the domain you want to secure.
  3. Automatically obtain and install the SSL certificate.
  4. Modify your Nginx configuration to redirect HTTP traffic to HTTPS.

Certbot will update your Nginx configuration to something like this:

server {
  listen 80;
  listen [::]:80;
  server_name my.website.com www.my.website.com;
  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl;
  listen [::]:443 ssl;

  server_name my.website.com www.my.website.com;

  ssl_certificate /etc/letsencrypt/live/my.website.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/my.website.com/privkey.pem;
  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

  location / {
    proxy_pass http://localhost:5173;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
  }
}
Enter fullscreen mode Exit fullscreen mode

Step 5: Verify HTTPS

After Certbot completes, verify that your site is accessible via HTTPS by navigating to your website url (e.g. https://my.website.com ) in your browser.

Conclusion

You have successfully set up Nginx as a reverse proxy for your web application and secured it with an SSL certificate from Let's Encrypt using Certbot. This setup not only secures your web application but also improves its trustworthiness and SEO ranking.

For further reading and additional configurations, you may refer to the following resources:

Top comments (0)