Nginx Reverse Proxy with Let’s Encrypt on Ubuntu 22.04
In this guide, I’ll walk through setting up an Nginx reverse proxy for a Node.js application running on port 3000, and then securing it with a free Let’s Encrypt SSL certificate using Certbot.
Prerequisites
- A server running Ubuntu 22.04
- A domain name pointing to your server (we’ll use www.webprague.com)
- Nginx installed (sudo apt install nginx)
- Basic familiarity with the terminal
Step 1: Configure Nginx Reverse Proxy
Create a new configuration file:
sudo nano /etc/nginx/sites-available/webprague
Add the following:
server {
    listen 80;
    server_name www.webprague.com webprague.com;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
Enable the site and test:
sudo ln -s /etc/nginx/sites-available/webprague /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
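A variant of the Step 1 server block, added here as an example and not part of the original guide: it passes the client address and request scheme to the Node.js app and sends Connection: upgrade only when the client actually asked for a protocol upgrade. The X-Real-IP and X-Forwarded-* header names are the common convention; that the app reads them, and that it listens only on 127.0.0.1, are assumptions.

```nginx
# Added example for /etc/nginx/sites-available/webprague (the file from Step 1).
# The map block must be at http level, outside any server block. Files in
# sites-enabled are included inside http {}, so the top of this file works.

# "Connection: upgrade" only for requests that carry an Upgrade header
# (WebSocket); every other request gets "Connection: close".
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    server_name www.webprague.com webprague.com;

    location / {
        # Assumption: the app is bound to 127.0.0.1 only. If it listens on
        # 0.0.0.0, port 3000 is reachable directly and bypasses the proxy.
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;

        # Peer address as seen by Nginx. This value overwrites any
        # X-Real-IP header the client sent.
        proxy_set_header X-Real-IP $remote_addr;

        # Client-supplied X-Forwarded-For with $remote_addr appended.
        # Only the last entry was written by this Nginx; earlier entries
        # are client-controlled and must not drive access decisions.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # "http" or "https", so the app can build correct URLs and decide
        # whether to mark cookies Secure once Certbot has enabled TLS.
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_cache_bypass $http_upgrade;
    }
}
```

After editing, run sudo nginx -t and reload Nginx as above.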
Step 2: Install Certbot and Obtain SSL
sudo apt update
sudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx -d www.webprague.com -d webprague.com
Follow the interactive prompts. Certbot will modify your Nginx config to redirect HTTP to HTTPS automatically.
Step 3: Verify Auto-Renewal
Certbot installs a systemd timer. Test renewal:
sudo certbot renew --dry-run
If successful, you’re all set. Your reverse proxy is now served over HTTPS.
Troubleshooting
502 Bad Gateway: Ensure your backend is running. Check logs with sudo journalctl -u nginx.
Certbot fails: Verify port 80 is reachable. If a firewall is blocking it, allow the port: sudo ufw allow 80/tcp.
2 Comments
Great write-up. I had to add proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; to get my app to see real client IPs. Maybe mention that?
Works perfectly. For anyone else: don’t forget to keep port 443 open in your firewall.