How To Use Nginx As A Reverse Proxy With SSL (Tutorial)


Written by Kyle Morton


Nginx is a powerful tool. It allows you to serve multiple apps, websites, load-balance applications and much more. All that flexibility is powered by a relatively simple configuration system that uses nearly-human-readable configuration files.

Why use Nginx as a reverse proxy?

It may not be directly obvious why you might need a reverse proxy, but Nginx is a great option for serving your web apps— take, for example, a NodeJS app.

By default, it runs locally on a machine and listens on a custom-defined port. Usually, this is port 3000 by default and is accessed by typing something like http://YOUR — DOMAIN:3000 .

Get 480GB NVMe extra storage for FREE
Celebrating our 9 year anniversary! Capacity is limited and some deals will sell out. Get yours before they are gone!

But Nginx lets you serve your app that is running on a non-standard port without needing to attach the port number to the URL. It even lets you run different apps on each subdomain, or even in different sub-folders!

This guide will demonstrate how to utilize Nginx to serve a web app, such as a NodeJS App, using SSL Encryption.


  • Ubuntu 18.04
  • Non-Root User
  • App Running on Custom Port (this guide assumes port 3000)
  • DNS A Name Record for Domain Used
  • SSL Certificate For the Domain

Nginx Configuration

The default configuration for Nginx on Ubuntu 18.04, when installed using the Nginx-full package option, is to look for available sites at the following location:

This location will have a default file with an example Nginx virtual host configuration. Instead, we will be creating a new site using an empty file that we can utilize. Once logged in as your non-root user, issue the following command to create the new configuration file:

Be sure to replace YOUR-DOMAIN with your domain you plan to associate with your app.

Next, we will modify the file so that it does what we need it to. I will be using vim in this guide, but feel free to use whatever text editor you’re most comfortable with:

The next few steps include adjusting the sites-available/YOUR-DOMAIN file you created just before, so be sure to adjust where indicated so that it functions as desired:

This Section tells Nginx to listen on port 80 for your domain and rewrites the request to HTTPS for us

This is all the configuration declarations that help SSL Function.

This is the juicy part of the config file, handing off relevant data to our back-end app running on port 3000

Nothing should need to be changed here unless port 3000 is not the port you’re using.

Furthermore, if you’re using a socket to serve your app (PHP comes to mind), you can define a UNIX:.sock location here as well

Save and exit the YOUR-DOMAIN file. If you’re using vim, hit Esc to exit INSERT mode, then type :wq and hit enter to save and exit the file.

To make the file active, we will need to link the file in the sites-available folder to a location within the sites-enabled folder. Again, change YOUR-DOMAIN here with the actual name of the file you created earlier.

Let’s now test the configuration file.

If the test is successful, you’ll see this output:

Now that we know it’s going to work as expected, issue the command to restart the Nginx service

Both commands perform the same task, simply preference decides your method here. I can safely say I use both and in no specific priority.

You should now be able to launch your app (if it wasn’t running already) and visit YOUR-DOMAIN in a browser, assuming the DNS is correct.

Congratulations— you’ve now set up a reverse proxy using Nginx. And your app will now be showing to the world with HTTPS enabled!