CraftedTemplate
Blog How to Set Up a Reverse Proxy and SSL with Nginx and Certbot (Production Server Setup)

How to Set Up a Reverse Proxy and SSL with Nginx and Certbot (Production Server Setup)

11/2/2025 • Festus Ayomike
How to Set Up a Reverse Proxy and SSL with Nginx and Certbot (Production Server Setup)

Once you’ve hosted a site with Nginx, you might want to add HTTPS, routing multiple apps, or load balance — this is where reverse proxies come in.

An Nginx reverse proxy lets you manage multiple web services (e.g., a React frontend, a Node.js API, and an admin dashboard) under one domain — all secured with free SSL certificates via Certbot.

In this guide, you’ll learn how to set up a reverse proxy, secure it with SSL, and optimize it for production.

See Also: How to Host a Website on Hostinger (Beginner-Friendly Guide)

What Is a Reverse Proxy?

A reverse proxy sits between clients (browsers) and backend servers, forwarding requests and responses.

Benefits:

  • Serve multiple apps on one domain
  • Add SSL to backend services
  • Improve performance via caching
  • Hide backend server IPs for better security

Step 1: Install Nginx

If you haven’t already:

Code · batchfile
sudo apt update
sudo apt install nginx -y

Step 2: Create App Services

Let’s say you have:

  • Frontend: running on port 3000
  • Backend API: running on port 4000

Both on the same VPS.

Step 3: Configure Nginx Reverse Proxy

Create a config file:

Code · batchfile
sudo nano /etc/nginx/sites-available/mywebsite.com

Add this:

Code · sh
server {
    listen 80;
    server_name mywebsite.com www.mywebsite.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    location /api/ {
        proxy_pass http://localhost:4000/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

Enable it:

Code · batchfile
sudo ln -s /etc/nginx/sites-available/mywebsite.com /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

Now requests to:

  • / → go to frontend (port 3000)
  • /api/ → go to backend (port 4000)

See Also: How to Automate Deployment Pipelines with Bitbucket Pipelines (Complete Guide)

Step 4: Add SSL with Certbot

Install Certbot:

Code · batchfile
sudo apt install certbot python3-certbot-nginx -y

Issue SSL:

Code · batchfile
sudo certbot --nginx -d mywebsite.com -d www.mywebsite.com

Certbot automatically edits your config for HTTPS and adds renewal automation.

Step 5: Force HTTPS

To redirect HTTP → HTTPS, add:

Code · sh
server {
    listen 80;
    server_name mywebsite.com www.mywebsite.com;
    return 301 https://$host$request_uri;
}

Then reload Nginx:

Code · batchfile
sudo systemctl reload nginx

See Also: How to Host a Website on an Nginx VPS (Complete Ubuntu Server Guide)

Step 6: Optimize for Production

  • Enable gzip compression for faster load times:
Code · sh
gzip on;
gzip_types text/plain text/css application/json application/javascript;
  • Set up rate limiting to prevent DDoS attacks.
  • Use firewall (ufw) to allow only essential ports:
Code · sh
sudo ufw allow 'Nginx Full'
sudo ufw enable

Conclusion

With Nginx and Certbot, you can build a secure, scalable, and professional-grade hosting setup — perfect for production environments and client projects.

Next in Hosting Academy: we’ll explore website monitoring and automatic backups — keeping your hosted projects safe and reliable 24/7.

Part of the Hosting Academy

Follow the full beginner → pro path to deploy any Crafted Template.

Browse the series →