Installing NGINX, Let's Encrypt and a reverse proxy to a Docker container on port 3000
To install Let's Encrypt with Nginx and proxy traffic to an application running on port 3000, you will use the following tools:
1. **Nginx**: To handle the proxying.
2. **Certbot**: To install and manage SSL certificates from Let's Encrypt.
Here is a step-by-step guide to set up Let's Encrypt on Nginx and proxy traffic to an application running on port 3000.
---
### **Step 1: Install Nginx**
If Nginx is not already installed, you can install it using the following command:
```bash
sudo apt update
sudo apt install nginx
```
### **Step 2: Install Certbot for Let's Encrypt**
Certbot is the tool that helps you automatically issue and renew SSL certificates from Let's Encrypt.
1. **Install Certbot** and the Nginx plugin:
```bash
sudo apt install certbot python3-certbot-nginx
```
2. **Verify the Certbot installation**:
```bash
certbot --version
```
You should see the version of Certbot installed.
---
### **Step 3: Configure Nginx as a Reverse Proxy**
You'll need to configure Nginx to act as a reverse proxy, sending traffic from port 80/443 (HTTP/HTTPS) to your application running on port 3000.
1. **Create a new Nginx server block (virtual host)** for your domain. The configuration files are typically located in `/etc/nginx/sites-available/`.
```bash
sudo nano /etc/nginx/sites-available/your-domain.com
```
2. **Add the following configuration to proxy requests to port 3000**:
```nginx
server {
    listen 80;
    server_name your-domain.com www.your-domain.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```
- **`server_name`**: Replace `your-domain.com` with your actual domain name.
- **`proxy_pass`**: Specifies that incoming traffic should be proxied to your application running on port 3000.
- **`proxy_set_header`**: Ensures the correct headers are forwarded to the backend application.
3. **Enable the Nginx configuration** by creating a symbolic link to it in the `sites-enabled` directory:
```bash
sudo ln -s /etc/nginx/sites-available/your-domain.com /etc/nginx/sites-enabled/
```
4. **Test the Nginx configuration** to make sure there are no syntax errors:
```bash
sudo nginx -t
```
5. **Reload Nginx** to apply the changes:
```bash
sudo systemctl reload nginx
```
---
### **Step 4: Obtain SSL Certificates from Let's Encrypt**
Now that Nginx is set up to proxy traffic to your app, let's use Certbot to obtain SSL certificates.
1. **Run Certbot** to obtain and install an SSL certificate for your domain:
```bash
sudo certbot --nginx -d your-domain.com -d www.your-domain.com
```
Certbot will automatically:
- Obtain the SSL certificate from Let's Encrypt.
- Modify your Nginx configuration to redirect HTTP to HTTPS.
- Apply the SSL certificate to your Nginx configuration.
2. **Follow the prompts**:
- Certbot will ask you to provide an email address for important renewal or security notices.
- It will also ask if you want to automatically redirect all HTTP traffic to HTTPS (this is recommended).
---
### **Step 5: Test the HTTPS Configuration**
1. **Test the SSL setup**:
- Open your web browser and navigate to `https://your-domain.com`. You should see that your site is served over HTTPS and is correctly proxied to the application running on port 3000.
2. **Verify the certificate renewal**:
- Certbot automatically renews the SSL certificates. You can verify the renewal configuration by running:
```bash
sudo certbot renew --dry-run
```
---
### **Nginx Configuration After Certbot Runs**
After Certbot automatically configures SSL, your Nginx configuration will look like this:
```nginx
server {
    listen 80;
    server_name your-domain.com www.your-domain.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name your-domain.com www.your-domain.com;

    ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```
- This configuration redirects all HTTP traffic to HTTPS.
- It serves the SSL certificate from the `/etc/letsencrypt/` directory.
- The traffic is proxied to your application running on port `3000`.
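
To confirm that the file Certbot rewrote still contains each of these elements (redirect, TLS listener, certificate paths, proxy target), a static check can be run against it. This is an added example, not part of the original guide or of Certbot; `check_proxy_conf` is a hypothetical helper and the sample configuration is constructed from the layout shown above.

```bash
# Added example: static check of a server-block file after Certbot has edited it.
# Usage: check_proxy_conf FILE DOMAIN PORT   (exit status = number of failed checks)
check_proxy_conf() {
    cpc_file=$1; cpc_domain=$2; cpc_port=$3; cpc_fails=0
    # One check per here-doc line: description|extended regex that must match a line.
    while IFS='|' read -r cpc_desc cpc_re; do
        if grep -Eq -- "$cpc_re" "$cpc_file"; then
            echo "ok    $cpc_desc"
        else
            echo "FAIL  $cpc_desc"
            cpc_fails=$((cpc_fails + 1))
        fi
    done <<EOF
HTTP redirects to HTTPS|^[[:space:]]*return[[:space:]]+301[[:space:]]+https://
TLS listener on port 443|^[[:space:]]*listen[[:space:]]+443[[:space:]]+ssl
certificate chain for ${cpc_domain}|^[[:space:]]*ssl_certificate[[:space:]]+/etc/letsencrypt/live/${cpc_domain}/fullchain\.pem;
private key for ${cpc_domain}|^[[:space:]]*ssl_certificate_key[[:space:]]+/etc/letsencrypt/live/${cpc_domain}/privkey\.pem;
proxy_pass to local port ${cpc_port}|^[[:space:]]*proxy_pass[[:space:]]+http://localhost:${cpc_port};
X-Forwarded-Proto passed to the app|^[[:space:]]*proxy_set_header[[:space:]]+X-Forwarded-Proto[[:space:]]
EOF
    return "$cpc_fails"
}

# Constructed sample input: the post-Certbot layout from this guide, shortened.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'CONF'
server {
    listen 80;
    server_name your-domain.com www.your-domain.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name your-domain.com www.your-domain.com;
    ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;
    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
CONF
check_proxy_conf "$sample_conf" your-domain.com 3000 && echo "all checks passed"
```

On a real host, point the function at `/etc/nginx/sites-available/your-domain.com`; a non-zero exit status means the file has drifted from the layout described here and should be reviewed before reloading Nginx.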
---
### **Summary of Steps**
1. **Install Nginx** and **Certbot**.
2. **Configure Nginx** to act as a reverse proxy for your application on port 3000.
3. **Use Certbot** to obtain and install SSL certificates from Let's Encrypt.
4. **Test HTTPS** to ensure everything is working correctly.
With these steps, you’ll have a secure connection with HTTPS using Let's Encrypt, and Nginx will proxy the requests to your application running on port 3000.