Reverse proxy with SSL

Nginx
Apache

When you want to protect some application that runs on some port on your server with SSL, so you can safely access it from a remote computer, you can add a reverse proxy to that port.

For this tutorial, you will need a domain and a DNS record that points your domain or subdomain to your server public IP. This is because you can only use self-signed certificates when using IPs to access a SSL page, and we are going to use Let’s Encrypt certificates.

Nginx

If you don’t have Nginx installed, install it using your system’s package manager:

# Ubuntu
sudo apt install nginx -y

Install Let’s Encrypt for Nginx

sudo apt install python3-certbot-nginx

Create a new SSL certificate:

sudo certbot --nginx certonly

Disable default Nginx config file (if you are using Nginx for the first time) by deleting /etc/nginx/sites-enabled/default

sudo rm /etc/nginx/sites-enabled/default

Create /etc/nginx/sites-available/proxy-test (you can name the file whatever you want):

sudo vim /etc/nginx/sites-available/proxy-test

Add the following lines to the file, replace as needed:

server {
    listen 80;
    server_name example.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443    ssl;
    server_name   example.com;
    index         index.html;
    location / {
        proxy_pass http://127.0.0.1:8000;
    }
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers   HIGH:!aNULL:!MD5;
}

Apply the configuration

sudo ln -s /etc/nginx/sites-available/test /etc/nginx/sites-enabled/test
sudo nginx -s reload

Apache

Install Apache if it’s not already installed.

#Ubuntu
sudo apt install apache2 -y

Install Let’s Encrypt for Apache

sudo apt install python3-certbot-apache -y

Create a new SSL certificate

sudo certbot --apache certonly

Disable default Apache config file (if you are using Apache for the first time) by typing:

sudo a2dissite 000-default.conf

Create /etc/apache2/sites-available/test-web (you can name the file whatever you want, but keep .conf suffix).

sudo vim /etc/apache2/sites-available/test-web.conf

Add following lines to the file, replace as needed:

<VirtualHost *:80>
  ServerName example.com
  RewriteEngine On
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R=301]
</VirtualHost>

<VirtualHost *:443>
  ServerName example.com
  ProxyPass / http://127.0.0.1:8080/
  ProxyPassReverse / http://127.0.0.1:8080/
  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>

Enable rewrite, ssl and proxy_http Apache plugins.

sudo a2enmod rewrite
sudo a2enmod ssl
sudo a2enmod proxy_http

Enable the new config file.

sudo a2ensite test-web.conf

Restart Apache

sudo systemctl restart apache2

If you have any suggestion, feel free to contact me via social media or email.

Reverse proxy with SSL

Table of Contents

Nginx

Apache

HestiaCP: a free and open source CPanel alternative

Create multiple WordPress sites easily with AWS Lightsail

Creating static websites with Astro

Speech Note: Text-To-Speech, Speech-To-Text and Translations within the same application

Fixing WebGL issues in LibreWolf

How to run CLI scripts inside a GUI environment

Open source projects to follow (XI)

Convert between several markup formats with Pandoc

timeout: run a command with a time limit

Export a manpage to (almost) any format

RSS readers: read feeds with these graphical and command line tools

RS1 Linux News: news aggregator focused on Linux and open source

How to set system language and other regional settings

Poppler: command-line PDF tools

Bliss OS: Android on your PC

How to run Linux commands on a Google Colab notebook

scan4all: a new vulnerability scanner

Popular alternative repositories

(ES) Configurar Linux para usar el DNI electrónico

List of Linux and FOSS websites