Question

Setting up SSL with nginx reverse proxy

I’m about to launch a major website. I’m having a bit of trouble configuring SSL correctly, and need to make sure I don’t screw it up.

I do have SSL cert files, and am following the guide here: https://www.digitalocean.com/community/tutorials/how-to-install-an-ssl-certificate-from-a-commercial-certificate-authority#install-certificate-on-web-server

  1. I have an Nginx in front/root acting as a reverse proxy.
  2. I have WordPress on an Apache server at port 8090
  3. and my app is at port 8000 (Node.js), consuming the API from WordPress above.

So my current setup is such:

1. /etc/nginx/sites-available/default:

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;
    index index.php index.js index.html index.htm index.nginx-debian.html;
    server_name domain.com www.domain.com;

    location / {
        proxy_pass http://localhost:8000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    location /wordpress {
        proxy_pass http://localhost:8090;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

2. /etc/apache2/ports.conf:

Listen 8090

<IfModule ssl_module>
        Listen 443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 443
</IfModule>

So, I suppose I need to modify /etc/nginx/sites-available/default like below.

Just need someone to tell me if there’s something wrong here:

server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;

    root /var/www/html;
    index index.php index.js index.html index.htm index.nginx-debian.html;
    server_name domain.com www.domain.com;
    ssl_certificate /ssl/domain.com.chained.crt;
    ssl_certificate_key /ssl/domain.com.key;

    location / {
        proxy_pass http://localhost:8000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    location /wordpress {
        proxy_pass http://localhost:8090;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

Hello,

  1. I believe that if you do not have an Apache Vhost for port 443 then Apache would not use the port. But to be on the safe side you could change those lines in the Apache config to another port like 8443 for example.

  2. If there would be only one single site on the server, I don’t see a problem with making the changes to the default Nginx conf file. Creating a separate conf file would indeed be required if you decide to add another site.

As always, make sure to back up your configuration files before making any changes, always run a config test before restarting the services, and it is best to have a dev environment where you could test your changes.

Hope that this helps :)

Hi Geochanto,

I have a similar setup and I believe that your config looks correct. Just before restarting Nginx, make sure to run a configtest with the nginx -t command after your changes to make sure that there are no errors.
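
The sequence both answers recommend (back up the file, run the config test, only then restart), as an added shell example that is not part of the original answers. The function name `apply_config`, its arguments and the `systemctl reload nginx` command in the usage comment are assumptions; `nginx -t` is the config test named above.

```shell
#!/bin/sh
# Added example: install a candidate config only if the config test passes,
# and restore the backup if it does not.
#
# apply_config LIVE CANDIDATE TEST_CMD RELOAD_CMD
#   LIVE       config file in use, e.g. /etc/nginx/sites-available/default
#   CANDIDATE  edited copy to install (hypothetical path, chosen by the caller)
#   TEST_CMD   config test, e.g. "nginx -t"
#   RELOAD_CMD command run only after the test passes (assumed here to be
#              "systemctl reload nginx"; use whatever restarts the service)
#
# Usage on the server from the question (run as root):
#   apply_config /etc/nginx/sites-available/default ./default.new \
#       "nginx -t" "systemctl reload nginx"
apply_config() {
    live=$1; candidate=$2; test_cmd=$3; reload_cmd=$4

    [ -f "$live" ] || { echo "missing live config: $live" >&2; return 2; }
    [ -f "$candidate" ] || { echo "missing candidate: $candidate" >&2; return 2; }

    # Timestamped backup next to the live file, keeping mode and timestamps.
    backup="$live.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$live" "$backup" || return 2

    # Install the candidate so the config test sees exactly what will run.
    cp "$candidate" "$live" || return 2

    # Config test first; on failure put the previous file back and stop.
    if ! sh -c "$test_cmd"; then
        echo "config test failed, restoring $backup" >&2
        cp -p "$backup" "$live"
        return 1
    fi

    # The test passed, so the service can pick up the new file.
    sh -c "$reload_cmd" || { echo "reload failed" >&2; return 3; }
    echo "applied; backup kept at $backup"
}
```

A return code of 1 means the test rejected the candidate and the previous file is back in place, so the running service was never touched.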
