Setting Up Nginx with Certbot SSL

By following these steps, you've successfully set up Nginx as a reverse proxy for your MERN stack application and secured it with an SSL certificate using Certbot. Your application is now running with improved security and performance, ensuring a better user experience. Happy coding!

Introduction

The MERN stack (MongoDB, Express.js, React.js, Node.js) is a popular choice for web applications. To ensure security and scalability, deploying it with Nginx as a reverse proxy and securing it with SSL using Certbot is a great approach. This guide will walk you through setting up Nginx for a MERN stack application and securing it with a free SSL certificate from Let's Encrypt using Certbot.

Prerequisites

Before proceeding, ensure you have the following:

  • A server running Ubuntu (or any Linux distribution with Nginx support).

  • A registered domain name (e.g., yourdomain.com).

  • A running Node.js application on port 3000.

  • Nginx installed on your server.

  • Root or sudo access to the server.

Step 1: Install Nginx and Certbot

First, update your system and install Nginx along with Certbot:

sudo apt update
sudo apt install nginx certbot python3-certbot-nginx -y

Configure Nginx as a Reverse Proxy

Create an Nginx configuration file for your domain:

sudo nano /etc/nginx/sites-available/yourdomain.com

Add the following server block to the file:

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;

    location / {
        proxy_pass http://localhost:3000;  # Your Node.js app
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

Save and close the file (CTRL+X, then Y, then ENTER).

Understanding sites-available and sites-enabled

Nginx uses two directories to manage site configurations:

  • /etc/nginx/sites-available/: This directory stores all the available site configurations, but they are not active unless linked.

  • /etc/nginx/sites-enabled/: This directory contains symbolic links to the configurations in sites-available that should be enabled and used by Nginx.

To enable a site, create a symbolic link:

sudo ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/

Then test the configuration and restart Nginx to apply the changes:

sudo nginx -t  # Test configuration
sudo systemctl restart nginx

Obtain an SSL Certificate with Certbot

Run the following command to obtain and install a free SSL certificate from Let's Encrypt:

sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

Follow the on-screen instructions to complete the SSL setup. Certbot will automatically configure Nginx to use SSL.

To check that automatic renewal will work, run a renewal dry run:

sudo certbot renew --dry-run

Final Nginx Configuration (With SSL)

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://$host$request_uri;  # Redirect HTTP to HTTPS
}

server {
    listen 443 ssl;
    server_name yourdomain.com www.yourdomain.com;

    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
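
As a check on the configurations above, the following added example (not part of the original guide or its repository) audits a site file and reports any server block that still proxies port 80 to the app without an HTTPS redirect, or that enables ssl without a certificate and key. The function name audit_nginx_tls and the sample file are constructed for illustration; it assumes one directive per line and no # inside quoted values.

```shell
#!/bin/sh
# Added example: report server blocks that serve the app over plain HTTP or
# enable ssl without a certificate and key. Assumes one directive per line.
audit_nginx_tls() {
    awk '
    function report(msg) { print "FAIL: server block at line " start ": " msg; bad = 1 }
    function finish() {
        if (p80 && proxy && !redirect) report("port 80 proxies to the app without an HTTPS redirect")
        if (tls && !(cert && key)) report("listen ... ssl without ssl_certificate and ssl_certificate_key")
    }
    {
        sub(/#.*/, "")                                   # strip comments
        if (!start && $0 ~ /^[ \t]*server[ \t]*[{]/) {   # a new server block opens
            start = NR; base = depth
            p80 = tls = proxy = redirect = cert = key = 0
        }
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")     # track brace nesting
        if (!start) next                                 # line is outside any server block
        if ($0 ~ /^[ \t]*listen[ \t]+([^ \t;]*:)?80([ \t;]|$)/)  p80 = 1
        if ($0 ~ /^[ \t]*listen[ \t][^;]*[ \t]ssl([ \t;]|$)/)    tls = 1
        if ($0 ~ /^[ \t]*proxy_pass[ \t]/)                       proxy = 1
        if ($0 ~ /^[ \t]*return[ \t]+30[1278][ \t]+https:/)      redirect = 1
        if ($0 ~ /^[ \t]*ssl_certificate[ \t]/)                  cert = 1
        if ($0 ~ /^[ \t]*ssl_certificate_key[ \t]/)              key = 1
        if (depth == base) { finish(); start = 0 }       # server block closed
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the port-80 proxy block from the first configuration step.
demo=$(mktemp)
cat > "$demo" <<'EOF'
server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    location / {
        proxy_pass http://localhost:3000;
    }
}
EOF
audit_nginx_tls "$demo" || echo "plaintext-only site: run certbot before going live"
rm -f "$demo"
```

Run it against /etc/nginx/sites-enabled/yourdomain.com after Certbot finishes; no output and exit status 0 mean both checks pass.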

Please have a look at the blog linked below:

https://itdefined.org/blogs/details/72/Setting%20Up%20Nginx%20with%20Certbot%20SSL/

Git Repo Link

https://github.com/itdefined-org-apps/fullstack_mern.git