Configure Nginx as a reverse proxy for your app with automatic HTTPS via a free Let's Encrypt certificate.
This guide assumes Nginx is already installed (see the Nginx installation guide) and you have a domain pointing at your VPS IP.
1. Install Certbot and the Nginx plugin:

   ```
   apt update && apt install certbot python3-certbot-nginx
   ```

2. Create a site config at `/etc/nginx/sites-available/myapp`. Replace `yourdomain.com` and the proxy port with your values:

   ```
   server {
       listen 80;
       server_name yourdomain.com;

       location / {
           proxy_pass http://127.0.0.1:3000;
           proxy_set_header Host $host;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header X-Forwarded-Proto $scheme;
       }
   }
   ```

3. Enable the site and reload Nginx:

   ```
   ln -s /etc/nginx/sites-available/myapp /etc/nginx/sites-enabled/
   nginx -t && systemctl reload nginx
   ```

4. Open ports 80 and 443 in the portal upstream firewall and locally:

   ```
   ufw allow "Nginx Full"
   ```

5. Obtain a free SSL certificate:

   ```
   certbot --nginx -d yourdomain.com
   ```

   Certbot will automatically rewrite your Nginx config to handle HTTPS and HTTP→HTTPS redirects.

6. Verify auto-renewal is active:

   ```
   systemctl status certbot.timer
   ```

Certbot renews certificates automatically before they expire — no manual action required.
Multiple domains: Repeat steps 2–5 for each additional site, using a separate config file per domain. Each gets its own certificate.
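
The site config in step 2 forwards `X-Real-IP`, `X-Forwarded-For` and `X-Forwarded-Proto` to the app, and the app should only believe them when the request actually arrived from Nginx. The following is an added example, not part of the original guide, of how a backend could consume those headers; it assumes Nginx on loopback is the only proxy, and the function names and the plain-dict `headers` argument are hypothetical.

```python
import ipaddress

# Assumption: the only proxy in front of the app is the Nginx on this host,
# so connections from loopback are the only ones whose headers are trusted.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8"),
                   ipaddress.ip_network("::1/128")]


def _trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)


def _parse(value):
    """Return an ip_address object, or None if the value is not an IP."""
    try:
        return ipaddress.ip_address((value or "").strip())
    except ValueError:
        return None


def client_ip(peer_addr, headers):
    """Client address to log or rate-limit on.

    peer_addr is the socket peer; headers is a dict keyed by the header
    names used in the site config (hypothetical interface for this example).
    """
    peer = ipaddress.ip_address(peer_addr)
    if not _trusted(peer):
        # Request did not come through Nginx: every header is client-supplied.
        return str(peer)
    # $proxy_add_x_forwarded_for appends $remote_addr to whatever the client
    # sent, so read right to left and stop at the first non-proxy address.
    for hop in reversed(headers.get("X-Forwarded-For", "").split(",")):
        ip = _parse(hop)
        if ip is None:
            break  # malformed entry: nothing to its left can be trusted
        if not _trusted(ip):
            return str(ip)
    # Nginx overwrites X-Real-IP with $remote_addr, so it is a safe fallback.
    real = _parse(headers.get("X-Real-IP"))
    return str(real if real is not None else peer)


def is_https(peer_addr, headers):
    """Honour X-Forwarded-Proto only when the peer is the trusted proxy."""
    peer = ipaddress.ip_address(peer_addr)
    return _trusted(peer) and headers.get("X-Forwarded-Proto") == "https"
```

If the app listens on `127.0.0.1` only, as the `proxy_pass` target in step 2 implies, the untrusted-peer branch should never fire in production; it is there for the case where the app is accidentally bound to a public interface.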